SAS 9.1.3 Integration Technologies » Developer's Guide


SAS BI Web Services

Securing SAS BI Web Services for Java

In order for SAS BI Web Services for Java to look up stored processes in the SAS Metadata Server, it must first authenticate to a metadata server. A Web service can pass a set of credentials to the SAS Metadata Server to use for authentication. This is defined as SAS Metadata Server host authentication because the host running the SAS Metadata Server will perform the authentication. Otherwise, a Web service can enable a Web container to perform the authentication against an incoming client's credentials via basic authentication semantics, and then connect to the SAS Metadata Server in a trusted configuration. This is defined as trusted authentication because the Web container performs the authentication against an incoming client's credentials and the middle tier connects to the SAS Metadata Server using a set of trusted credentials. The Web container then performs trusted authentication on behalf of the authenticated Web user.

For host authentication (auth_mechanism=host), the client's credentials must be specified in the SOAP message body as UserName, Password, and Domain properties. Alternatively, you can specify default or guest credentials as the following configuration properties: default_user, default_password, and default_domain. These credentials are used to authenticate to a SAS Metadata Server to determine what stored processes a user can run as well as how and where they are executed.

For trusted authentication (auth_mechanism=trusted), a Web container will perform basic authentication. You will need to add privileged users to the webuserRole role (or to the webuserGroup group, if you are using BEA WebLogic). After the Web tier has successfully authenticated an incoming client, the client's principal name is then used to connect to the SAS Metadata Server in a trusted configuration. For trusted authentication to succeed, a SAS Metadata Server user login must exist for this client with the appropriate user ID and trusted authentication domain (trusted_domain). See Changing to Trusted Web Authentication in the SAS Intelligence Platform: Web Application Administration Guide for additional instructions on setting up a trusted configuration.