Alternative Methods of Authentication

Overview

An enterprise computing environment usually contains a collection of business software solutions that are sold as a platform, applied across an organization, and further customized for specific areas. Platform services come with their own authentication processes and password management systems. When SPD Server is added to such an environment, it brings its own authentication process and password management system, so the administrator has to maintain two sets of user IDs: one for SPD Server and another for the platform services. Additionally, disparate user ID and password management tools can have incongruous requirements. For example, SPD Server passwords must be 6–8 characters long, whereas the password length requirements for a given enterprise platform can range anywhere from 6 characters to 64 or more characters, allowing for stronger passwords.
One solution is to leave all SPD Server authentication to the enterprise platform. By integrating SPD Server user IDs and passwords with the framework of the platform's authenticator, the SPD Server administrator must maintain only one set of user IDs and passwords.

How SPD Server Performs Alternative Authentication

SPD Server performs alternative authentication in the following way:
  1. An SPD Server user issues a LIBNAME statement from SAS.
  2. The SPD Server client passes the LIBNAME request to the SPD Server host, including the user name and password information provided in the body of the LIBNAME statement.
  3. SPD Server forwards the request to the external or alternative authenticator. The alternative authenticator (for example, SAS Metadata Server or LDAP) verifies whether the user account is in good standing, and ensures that all authentication policies (such as a password expiration date) are in force.
  4. If the alternative authenticator finds the user account is in good standing, the SPD Server host is signaled. The SPD Server host then looks up the user in the SPD Server password manager database to apply SPD Server-specific attributes (such as SPD Server access rights, groups and group membership) to the user’s permissions.
  5. Following authentication, SPD Server allows the user access and rights as indicated by the information contained in the password manager database.
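
The following Python model is an added example, not SAS code and not part of SPD Server. It walks steps 2 through 5 with constructed accounts to show that the password and its policy are checked only by the alternative authenticator, while rights come only from the password manager database. The function names, the in-memory tables and the denial when no local entry exists are assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import date

@dataclass
class ExternalAccount:      # record held by the alternative authenticator
    password: str           # cleartext only to keep the model short
    locked: bool
    password_expires: date

@dataclass
class LocalEntry:           # record in the SPD Server password manager database
    access_level: int
    groups: tuple

# Constructed sample data (hypothetical users and values).
EXTERNAL = {
    "alice": ExternalAccount("correct-horse-battery-9", False, date(2030, 1, 1)),
    "bob":   ExternalAccount("bobs-long-passphrase", False, date(2020, 1, 1)),
    "carol": ExternalAccount("carols-long-passphrase", False, date(2030, 1, 1)),
}
LOCAL = {
    "alice": LocalEntry(4, ("finance",)),
    "bob":   LocalEntry(2, ("sales",)),
    "dave":  LocalEntry(7, ("admin",)),   # no external account
}

def external_check(user, password, today):
    """Step 3: verify credentials and policy; return None or a denial reason."""
    acct = EXTERNAL.get(user)
    if acct is None or not hmac.compare_digest(acct.password.encode(), password.encode()):
        return "bad credentials"
    if acct.locked:
        return "account locked"
    if acct.password_expires < today:
        return "password expired"
    return None

def libname_request(user, password, today):
    """Steps 2-5: authenticate externally, then apply local attributes."""
    reason = external_check(user, password, today)
    if reason:
        return (False, reason, None)
    entry = LOCAL.get(user)          # step 4: attributes only, no password check
    if entry is None:                # assumption: fail closed without a local entry
        return (False, "no SPD Server entry", None)
    return (True, "ok", entry)       # step 5: rights come from the local entry
```

In this model a password longer than 8 characters is accepted because length policy belongs to the alternative authenticator, and a user who exists only in the local table ("dave") cannot log in at all.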