Secure DS2 HTTP Package Usage

The DS2 HTTP package supports HTTP and HTTPS endpoints. The configuration of SAS Micro Analytic Service defines the SSLCALISTLOC environment variable, which specifies the location of the digital certificates for trusted certificate authorities.
The SSLCALISTLOC environment variable is defined in a host-specific configuration script that is located in the application server's bin directory. For example, a UNIX platform SAS-configuration-directory/LevN/Web/WebAppServer/SASServer13_1/bin/setenv.sh defines SSLCALISTLOC with a value of SSLCALISTLOC=$JRE_HOME/../../../SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem. For more information about SSLCALISTLOC, see Encryption in SAS 9.4.
When an HTTP endpoint requires client authentication, it responds to the client with its list of supported authentication mechanisms. The DS2 HTTP package currently supports two of the three most common authentication mechanisms. It supports Basic and Negotiate, but does not support the Digest mechanism. Because Basic authentication in itself does not provide any credential confidentiality, it should be used only when the data is being encrypted through TLS. The DS2 HTTP package does not provide an interface allowing the user to specify credentials, other than including them in the URL. An example is http://username:password@example.com/. The Negotiate mechanism supports Kerberos and, when it is used on Windows, NTLM is also supported. For more information, see “Using the HTTP Package” in SAS 9.4 DS2 Language Reference.