Problem Note 68477: Kerberos constrained delegation can fail if you have enabled the externalIdentity flag for a sas.logon.groups configuration
A new externalIdentity flag was added to the sas.logon.groups configuration to support the SUB::SAS.ExternalIdentity substitution parameter for row-level security in SAS® Cloud Analytic Services (CAS) in SAS® Viya® 3.5.
However, activating this flag can cause failures when you launch a compute session that uses Kerberos constrained delegation.
The workaround is to disable this flag.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.5 | 2021.1.6 | Viya | Viya |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
When you launch a compute session, Kerberos constrained delegation fails if you have enabled the externalIdentity flag for sas.logon.groups.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2021-10-08 16:04:47 |
Date Created: | 2021-10-05 08:27:16 |