 |
|
| Authentication Mechanisms |
Summary for Single Sign-On
There is no individual mechanism that provides end-to-end single sign-on (SSO). The following authentication processes are transparent:
-
Integrated Windows authentication (IWA) is based on previous authentication to your desktop and provides silent launch for SAS desktop applications (and, sometimes, silent access to the workspace server).
-
Web authentication is based on previous authentication to your Web realm and provides silent launch for SAS Web applications.
-
SAS token authentication requires a connection to the metadata server and provides silent access to most SAS servers.
-
Credential reuse and retrieval requires a connection to the metadata server and can provide silent access to any server.
Some configurations can interfere with SSO to back-end servers. This table summarizes the considerations:
| Feature | Front-end SSO | Back-end SSO | Notes |
|---|---|---|---|
|
Internal authentication |
![[caution icon]](images/caution.gif) |
|
An internal account can't participate in IWA or Web authentication. |
|
SAS token authentication |
|
![[checkmark icon]](images/check.gif) |
Facilitates SSO to most SAS servers. |
|
Integrated
Windows authentication |
|
|
Facilitates silent launch of desktop applications. If not fully configured, prevents SSO to a workspace server on Windows.1 |
|
Web
authentication |
|
|
Facilitates silent launch of Web applications. Prevents SSO to a standard (non-pooled) workspace server.1 |
|
Direct LDAP authentication |
|
|
Not compatible with silent launch. Prevents SSO to a workspace server.1 |
|
PAM |
|
|
Can help unify authentication. |
|
Credential Management |
|
|
Facilitates SSO to third-party servers and (in some configurations) workspace servers. |
| 1 Unless the server is configured for SAS token authentication or accessed using stored credentials. | |||
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.