Usage Note 38857: SAS® Stored Process error: The connection factory requires an identity for the authentication domain
 |  |  |  |
When executing a SAS® Stored Process, the SAS® client user must have a login user account that uses the same Authentication Domain as the SAS® Stored Process Server.
As an example, if the SAS Stored Process Server has an Authentication Domain called UnixAuth, then the SAS client user must have a login user account for UnixAuth (or be a member of a group that has a login account for UnixAuth).
If the client user does not have a user account for the same Authentication Domain as the SAS Stored Process Server, then one of the following error messages might occur.
Caused by: com.sas.services.connection.LoginException: cxp.002.ex.msg: The connection factory requires an identity for the authentication domain "xxxxAuth", but the user context provided for user "User Name Here" does not have any identities for that domain. Therefore, the user cannot be authorized to use the connection factory.
OR
Caused by: com.sas.services.connection.LoginException: cxp.003.ex.msg: All identities for the authentication domain "XXXXXAuth" contained in the user context provided for user "User Name Here" either could not be authenticated or were not authorized to use the connection factory. The factory does not support any other authentication domains so the user cannot be authorized to use the connection factory.
The most common scenario where this problem occurs is when the SAS® Metadata Server is associated with one Authentication Domain (such as DefaultAuth) and the SAS Stored Process Server is associated with another Authentication Domain (such as UnixAuth).
To help determine the cause of these errors, follow these steps:
- The SAS client user must have a user account that is associated with the same Authentication Domain as the SAS Stored Process Server (or be a member of a group that has a login account for this Authentication Domain).
-
Using SAS® Management Console, under User Manager,
select Properties for the user. Then, select
the Logins tab. The user should have:
Authentication Domain User ID Password DefaultAuth <userid here> <password not required> UnixAuth <userid here> <Password is Required>
The UnixAuth user id must be a valid login account on the SAS Stored Process Server machine and the correct password must be provided.
-
Check to make sure the user can log on to the SAS Stored Process
Server machine using this UnixAuth account. Then, re–enter
the userid and password on the Logins tab.
Click OK to save the setting.
Note: if this user is a member of a Group that has a valid login account for UnixAuth, then the user does not need to have their own UnixAuth user account. The Group login account will be used.
- As a test, submit a SAS Stored Process request using the
SAS Stored Process Web Application. On the URL Address, specify
&_debug=trace,log. For example:
http://your.server:8080/SASStoredProcess/do?_program=%2FSamples%2FStored+Processes%2FSample%3A+Hello+World&_DEBUG=trace,logCheck the output and look for error messages.
- Check the stp.log file on your Application Web Server machine.
The location should be similar to the following:
.../Lev1/web/Deployments/Portal/logs/stp.log
- Check the SAS Stored Process Server log files and look for
error messages. The location should be similar to the following
on the SAS Stored Process Server machine:
.../Lev1/SASMain/StoredProcessServer/logs/
As an example, if the SAS Metdata Server is associated with an Authentication Domain called DefaultAuth and the SAS Stored Process Server is associated with an Authentication Domain called UnixAuth, then the SAS client user must have a login account defined for UnixAuth.
More information
For more information see:Usage Note 37486 about "User is not authorized to access stored process. com.sas.services.storedprocess.ExecutionException: A connection could not be obtained."
Usage Note 30510 about "Tips for executing a stored process when using LDAP authentication."
See
Understanding Authentication
in "SAS 9.1.3 Intelligence Platform: Security Admin Guide, Second Ed"
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Integration Technologies | z/OS | 9.1 TS1M3 SP4 | |
| Microsoft® Windows® for 64-Bit Itanium-based Systems | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Datacenter 64-bit Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Enterprise 64-bit Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows XP 64-bit Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Advanced Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Datacenter Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Server | 9.1 TS1M3 SP4 | |||
| Microsoft Windows 2000 Professional | 9.1 TS1M3 SP4 | |||
| Microsoft Windows NT Workstation | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Datacenter Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Enterprise Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows Server 2003 Standard Edition | 9.1 TS1M3 SP4 | |||
| Microsoft Windows XP Professional | 9.1 TS1M3 SP4 | |||
| 64-bit Enabled AIX | 9.1 TS1M3 SP4 | |||
| 64-bit Enabled HP-UX | 9.1 TS1M3 SP4 | |||
| 64-bit Enabled Solaris | 9.1 TS1M3 SP4 | |||
| HP-UX IPF | 9.1 TS1M3 SP4 | |||
| Linux | 9.1 TS1M3 SP4 | |||
| Linux on Itanium | 9.1 TS1M3 SP4 | |||
| OpenVMS Alpha | 9.1 TS1M3 SP4 | |||
| Solaris for x64 | 9.1 TS1M3 SP4 | |||
| Tru64 UNIX | 9.1 TS1M3 SP4 | |||
| Type: | Usage Note |
| Priority: | |
| Topic: | System Administration ==> Security ==> Authentication |
| Date Modified: | 2010-03-23 16:02:06 |
| Date Created: | 2010-02-25 12:42:44 |