SAS Federation Server must
be configured to use an Authentication Server.
When a user connects to SAS Federation Server to
access data, the user’s authenticating credentials are passed
to the Authentication Server for validation. Once
the credentials are validated, the Authentication Server
will identify the user based on the submitted credentials. SAS Federation Server
can then make requests to the Authentication Server
for information about the user, including logins and group membership.
If a user is authenticated but cannot be identified in the Authentication Server,
that user becomes a member of the PUBLIC group. All users that are
identified in the Authentication Server are members
of the USERS group.
Only individual user
objects and shared logins own outbound accounts. Groups, including
USERS and PUBLIC, cannot own accounts, including shared logins. If
a user is SYSTEM or ADMINISTRATOR, their personal credentials are
used to authenticate. SYSTEM and ADMINISTRATOR accounts are discussed
further in
Configuring Server Accounts.It is assumed that the Authentication Server
has been installed, configured and populated with user and group information
before running SAS Federation Server. For more information,
see the
Authentication Server Administrator’s
Guide.