Administering SAS BI Web Services |
A default installation of SAS BI Web Services for Java or .NET is not highly secure. The default security mechanism is SAS authentication. All requests and responses are sent as clear-Text. If users want to authenticate as a specific user, then they can send a user name and password as clear-Text as part of the WS-Security headers. Authentication is performed by authenticating client credentials at the SAS Metadata Server. Whenever user names and passwords must be sent as clear-Text, SSL should be enabled to provide transport layer security.
If you want to use SSL and the Deploy as Web Service Wizard to communicate with a server, then you need to enable SSL. In order to enable SSL, follow these steps:
Create a Java keystore on the local machine and import the server certificate of the server that you want to communicate with. For more information about how to perform this step, see http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html.
Pass the keystore location and password into SAS Management Console using Java JVM arguments. The arguments that need to be set are:
javax.net.ssl.trustStore= "fully qualified path to keystore created with keytool from step 1" javax.net.ssl.trustStorePassword= "trust store password"
To complete this step, add the following JavaArgs arguments to the sasmc.ini file, which is found at C:/Program Files/SAS/SASManagementConsole/9.2:
JavaArgs_14=-Djavax.net.ssl.trustStore = "fully qualified path to keystore created with keytool from step 1" JavaArgs_15=-Djavax.net.ssl.trustStorePassword = "trust store password"
If you are using XMLA Web services or generated Web services, an anonymous user can be configured. The anonymous Web user is configured during SAS Deployment Wizard configuration. Anonymous users cannot use the Web Service Maker; credentials must always be provided to use the Web Service Maker. If you are using XMLA Web services, you can pass user credentials as XMLA properties in the payload.
SAS BI Web Services can be secured by using Web authentication. This provides a way for SAS BI Web Services to identify the calling user by using basic Web authentication. The following two types of Web authentication can be configured:
WS-Security message-level security
HTTP transport-level security
Note: Web authentication can be used with both XMLA Web services and generated Web services but cannot be used with the Web Service Maker Web service. The Web Service Maker must be able to authenticate one-time-passwords that are generated by SAS Management Console clients.
SAS BI Web Services for .NET can be secured by using Web Services Enhancements 3.0 for Microsoft .NET, which enables support for the latest security and interoperability standards for Web services. For detailed information about using Web Services Enhancements 3.0, WS-Security, and WS-Policy to secure SAS BI Web Services, see Securing SAS BI Web Services for .NET. The current release of SAS BI Web Services for Java does not support WS-Policy.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.