Host Authentication

Host Authentication (Credential-Based)
Summary
A client supplies an external user ID and password to a SAS server. The SAS server passes the credentials to its host for authentication.
Note: Another form of host authentication, Integrated Windows authentication (IWA), is documented separately.
Scope
  • Primarily used for direct connections to the metadata server or OLAP server.
  • Not used for metadata-aware connections to the OLAP server or stored process server.
  • Sometimes used for connections to the workspace server.
Benefits
No configuration is required. This mechanism can enable users to log on to SAS applications with the same credentials that they use in your general computing environment.
Limits
  • On a workspace server on Windows, requires that users have the Windows privilege Log on as a batch job.
  • Involves passing user IDs and passwords across the network.
Use
Always available.
The following figure shows one example of how this mechanism works:
Host Authentication (credential-based)
The numbers in the figure correspond to these actions:
  1. The client obtains the user's ID and password (interactively or through credential management). The client sends those credentials to the target server.
  2. The server passes the credentials to its host for authentication.
  3. The host passes the credentials to its authentication provider.
  4. After verifying that the user ID and password correspond to a valid account, the host's authentication provider returns the user's ID to the host.
  5. The host returns the user's ID to the SAS server.
  6. The server accepts the client connection.