When submitting requests to the SAS^® Stored Process Server via the Web interface, users are prompted to provide a valid user name and password for authentication. However, in some situations you might want to permit users to avoid the user authentication window when submitting a request.

Use one of the following methods to avoid the StoredProcessServlet user authentication window from appearing.

Method 1:

As an alternative to using the host operating system accounts to authenticate users, you can configure trusted Web authentication. For more information, consult the "Changing to Trusted Web Authentication" section of the documentation for "Setting Up and Managing Middle-Tier Security".

Method 2:

To bypass the authentication window for some, but not all, stored processes, you should pass the _username and _password variables in the HTML form or on the url for the stored process (depending on how you are submitting it). If you use this approach, you can encode your password by using PROC PWENCODE. For example, if your password is "mypass", the PROC PWENCODE would be:

proc pwencode in="mypass";
run;

The encoded value for "mypass" is "{sas001}bX1wYXNz".

Here is an example of passing "_username=" and "_password=" in the url:

http://your.server:8080/SASStoredProcess/do?
_program=/yourfolder/your+stored+process&_username=sasdemo&_password={sas001}bX1wYXNz
 

If you submit your stored process using an HTML form, you can pass "_username=" and "_password=" name/value variables when you submit your request.

The following HTML file submits a request to the Stored Process Server, passing "_username" and "_password" (which is encoded). If you want to execute this HTML file on your Servlet Container, you can save it as a JSP file (for example "test.jsp").

   <HTML>
   <FORM method="POST" action="/SASStoredProcess/do">
   <INPUT TYPE="HIDDEN" NAME="_PROGRAM" VALUE="/Testlib/test1">
   <INPUT type="HIDDEN" name="_username" value="user123">
   <INPUT type="HIDDEN" name="_password" value="{sas001}bX1wYXNz">
   <INPUT TYPE="SUBMIT" VALUE="Submit">
   </FORM>
   </HTML>

Here is another example HTML file. It automatically redirects the request to the SAS Stored Process Server. This helps minimize exposure of the username and encoded password.

 <HTML>
 <BODY onLoad="document.sub.submit()">
 <FORM name="sub" method="POST" action="/SASStoredProcess/do">
 <INPUT TYPE="HIDDEN" NAME="_PROGRAM" VALUE="/Testlib/test1">
 <INPUT type="HIDDEN" name="_username" value="user123">
 <INPUT type="HIDDEN" name="_password" value="{sas001}bX1wYXNz">
 </FORM>
 </HTML>

Method 3:

If you want to specify a user ID to authenticate for all stored processes executed by the SASStoredProcess servlet, you can add "_username=" and "_password=" request values to the params.config file for the Stored Process Web Application. The password should be encoded as described above. The default _username setting must be commented out. For example:

   #  COMMENT OUT Authenticated user name
   #_username=$servlet.user.name

   #  set _username and _password to avoid authentication prompt
   _username=sasdemo
   _password={sas001}bX1wYXNz

For information about the params.config file consult the SAS Stored Process Web Application Configuration section of the documentation for SAS 9.1.3 Integration Technologies Developer's Guide.

Operating System and Release Information