There is no individual mechanism that provides end-to-end single sign-on (SSO). The following authentication processes are transparent:

- Integrated Windows authentication (IWA) is based on previous authentication to your desktop and provides silent launch for SAS desktop applications (and, sometimes, silent access to the workspace server).
- Web authentication is based on previous authentication to your Web realm and provides silent launch for SAS Web applications.
- SAS token authentication requires a connection to the metadata server and provides silent access to most SAS servers.
- Credential reuse and retrieval requires a connection to the metadata server and can provide silent access to any server.

Some configurations can interfere with SSO to back-end servers. This table summarizes the considerations:
SSO Considerations for Selected Authentication Mechanisms

| Mechanism | SSO considerations |
|---|---|
| | An internal account can't participate in IWA or Web authentication. |
| | Facilitates SSO to most SAS servers. |
| | Facilitates silent launch of desktop applications. If not fully configured, prevents SSO to a standard workspace server.¹ |
| | Facilitates silent launch of Web applications. Prevents SSO to a standard workspace server.¹ |
| Direct LDAP authentication | Not compatible with silent launch. Prevents SSO to a standard workspace server.¹ |
| | Can help unify authentication. |
| | Facilitates SSO to third-party servers and (in some configurations) workspace servers. |

¹ Unless the server is configured for SAS token authentication or accessed using stored credentials.