SAS 9.1.3 Integration Technologies » Server Administrator's Guide


Security
Overview of Domains
Implementing Authentication
Host Authentication
Trusted Authentication Mechanisms
Alternative Authentication Providers
Defining Users, Groups, and Logins on the SAS Metadata Server
Implementing Authentication and Authorization for Xythos WFS WebDAV
Scenario
Implementing Encryption
Setting Up Additional Server Security
Planning the Workspace and Stored Process Server Security
Spawner Security
Scenario: Spawner and Load-Balancing
Pooling Security
Scenario: Pooling
Load Balancing Security
Scenario: Load-Balancing Across Two Machines
Implementing Security in Client Applications
Security

Implementing Authentication and Authorization for the Xythos WFS WebDAV Server

With SAS Integration Technologies, you might publish or subscribe to information stored on a Xythos WebFile Server (WFS) WebDAV server. In addition, if you use the SAS Information Delivery Portal, you might store file content on a Xythos WFS WebDAV server. Other products, such as SAS Web Report Studio, use the WebDAV server to store reports.

For security purposes, SAS Integration Technologies implements an extension, the SAS User Management Customization, that is an optional addition to the authentication mechanisms of the Xythos WFS WebDAV server. The extension enables the WebDAV server to use authentication and authorization metadata in the SAS Metadata Server as follows:

  • Authentication: When using the Xythos WFS WebDAV server, WebDAV users can be authenticated against the SAS Metadata Server's authentication provider. In this case, you must define your WebDAV users on the appropriate authentication provider for the SAS Metadata Server. For details about authentication providers, see Implementing Authentication. (In other cases, specific user login definitions can be used for authentication).

  • Authorization: To authorize access to content on a Xythos WFS WebDAV server, administrators can specify users and groups that are defined in a SAS Metadata Repository. To set authorization (access control) for appropriate user or group metadata identities, administrators use the Xythos WFS Administration interface to control access to resources on the WebDAV server. Before you can associate access controls with a folder, you must complete these tasks:

    1. Create folders on the WebDAV server. Use the WebDAV tools to set up the appropriate folders.

    2. Ensure that the appropriate user, group, and login definitions exist on the SAS Metadata Server for the WebDAV users and groups for whom you wish to control access to the folders: Use the User Manager plug-in of the SAS Management Console to define the users, groups, and logins in a SAS Metadata Repository. Define a login as follows:

      • Specify the authentication domain name for the Xythos WebDAV server that you entered during installation of the SAS User Management Customization.
      • Specify the password field for the login definition based on the type of authentication setup that your WebDAV server uses. For details, see Defining Users, Groups, and Logins on the SAS Metadata Server.

After you have created the WebDAV folders and have ensured that the appropriate user, group, and login definitions are created on the SAS Metadata Server, use the Xythos WFS WebDAV Administration interface to associate access controls with the folders. For an example of using the Administration interface with a portal publish and subscribe scenario, see Scenario: Using the Xythos Administration GUI and SAS User Management Customization with the Portal. For further details about the Xythos administration tools, refer to the product documentation.