|
Security
Implementing Authentication and Authorization for the Xythos WFS WebDAV Server
With SAS Integration Technologies, you might publish or subscribe
to information stored on a Xythos WebFile Server (WFS) WebDAV server. In addition, if you use
the SAS Information Delivery Portal, you might store file content
on a Xythos WFS WebDAV server. Other products, such as SAS Web Report Studio, use the WebDAV server to store reports.
For security purposes, SAS Integration Technologies implements an extension, the
SAS User Management Customization, that is an
optional addition to the authentication mechanisms
of the Xythos WFS WebDAV server. The extension enables the WebDAV server to use
authentication and authorization metadata in the SAS Metadata Server as follows:
Authentication: When using the Xythos WFS WebDAV server,
WebDAV users can be authenticated against the SAS Metadata Server's authentication provider.
In this case, you must define your WebDAV users on the appropriate authentication provider
for the SAS Metadata Server.
For details about authentication providers, see Implementing Authentication.
(In other cases, specific user login definitions can be used for
authentication).
Authorization: To authorize access to content on a Xythos WFS WebDAV server,
administrators can specify users and groups that are defined in a SAS Metadata Repository.
To set authorization (access control) for appropriate user or group metadata identities, administrators
use the Xythos WFS Administration interface to control access to
resources on the WebDAV server.
Before you can associate access controls with a folder, you must complete these tasks:
Create folders on the WebDAV server. Use the WebDAV tools to set up the
appropriate folders.
Ensure that the appropriate user, group, and login definitions exist
on the SAS Metadata Server for the WebDAV users and groups for whom you wish to control access to the folders:
Use the User Manager plug-in of the
SAS Management Console to define the users, groups, and logins in a SAS Metadata Repository.
Define a login as follows:
- Specify the authentication domain name for the Xythos WebDAV server that you entered during installation of the SAS User Management Customization.
- Specify the password field for the login definition based on the type of authentication setup that your WebDAV server uses. For details, see Defining Users, Groups, and Logins on the SAS Metadata Server.
After you have created the WebDAV folders and
have ensured that the appropriate user, group, and login definitions are created on the SAS Metadata Server, use
the Xythos WFS WebDAV Administration interface to associate access controls with the folders.
For an example of using the Administration interface with a portal publish and subscribe
scenario, see Scenario: Using the Xythos Administration GUI and SAS User Management Customization with the Portal.
For further details about the Xythos administration tools,
refer to the product documentation.
|