If you choose to configure
Web authentication, make sure that user metadata definitions include
logins as explained in this topic.
Someone who uses only
Web applications should have a login in the web authentication domain.
For example:
web | joe | (no password)
Someone who uses both
Web and desktop applications might need two logins. One login contains
the user's authenticated ID after logging on to a desktop application,
and the other login contains the user's authenticated ID after logging
on to a Web application. For example:
DefaultAuth | WIN\joe | (no password)
web | joe | (no password)
In the preceding example,
two logins are needed because the format of the authenticated user
ID differs in each context as follows:
-
When Joe logs on to a desktop application
(as joe), SAS obtains his user ID in down-level format (WIN\joe),
and that string is matched to the user ID in Joe's DefaultAuth login.
-
When Joe logs on to a Web application
(as joe), SAS obtains his user ID in short format (joe), and that
string is matched to the user ID in Joe's web login.
However, if the authenticated
user ID is identical in both contexts, the web login is not needed.
If SAS obtains both authenticated user IDs as joe, the web login is
not needed. In the following example, the metadata server is not authenticating
against Windows accounts and the web login is not needed. When Joe
logs on to a Web application, the presence of his DefaultAuth login
(which contains the correct user ID) is sufficient for the metadata
server to successfully determine his metadata identity.
DefaultAuth | joe | (no password)
web | joe | (no password)
Note: If your Web environment uses
Integrated Windows authentication, you must pay careful attention
to the format in which SAS obtains user IDs from the Web realm. If
you find that users of Web applications have only the PUBLIC identity,
it is likely that the user ID in each web login is not in the same
format as the user ID that SAS obtains from the Web realm.
Note: This isn't a comprehensive
discussion of logins; some users might have additional logins for
other purposes.