SAS 9.1.3 Integration Technologies » Server Administrator's Guide

Overview of Domains

Within the host environment, SAS Open Metadata Architecture, and SAS Integration Technologies security, there are two types of domains used in basic security implementations. In addition, there is a third type of domain that is used for alternative authentication providers. In some cases, the domain names might be identical; however, it is important to distinguish between these types of domains, because your implementation might require them to be specified as different domain names.

Security domains used by or associated with an authentication provider
You can do both of the following:

  • define domains within the Windows operating system. For example, CARY and APEX.

  • when starting a server, specify a default domain to be used as the default security domain for the host operating system. For example, you might specify a default security domain APEX for the UNIX operating system; when a user connects without a domain, the domain APEX is used to locate the correct fully qualified user ID (in a login definition) on the SAS Metadata Server. For details, see Specifying Default Host Domains.

Authentication domains specified in the SAS Metadata Server resource definitions
Within the SAS Open Metadata Architecture, the authentication domain is a logical grouping that associates resources and logins (user credentials) together. An individual can use the same fully qualified user ID for any of the resources in the authentication domain.

Authentication provider domain
If you use an alternative authentication provider (such as LDAP or Microsoft Active Directory), the user connection request must specify an authentication provider domain, and that domain must have been associated with the provider by the AUTHPD option on the server startup command. For example, in APEX\user@LDAP, LDAP is the authentication provider domain. For details, see Specifying Authentication Provider and Default Domains.
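
The following is an added example, not SAS code: a Python model of how the parts of a connection user ID such as APEX\user@LDAP map to the domain types described above. The function names, the `authpd_domains` mapping, applying the default domain whichever provider is used, and rejecting unregistered provider domains are assumptions made for illustration, not documented SAS behavior.

```python
from typing import NamedTuple, Optional

class ConnectionId(NamedTuple):
    host_domain: Optional[str]      # e.g. APEX (security domain of the host)
    user: str
    provider_domain: Optional[str]  # e.g. LDAP (authentication provider domain)

def parse_connection_id(raw: str) -> ConnectionId:
    """Split [host_domain\\]user[@provider_domain] into its parts."""
    rest, at, provider = raw.rpartition("@")
    if not at:                       # no '@': host authentication
        rest, provider = raw, None
    elif not provider:
        raise ValueError("empty authentication provider domain")
    domain, slash, user = rest.partition("\\")
    if not slash:                    # no '\': no host domain supplied
        domain, user = None, rest
    elif not domain:
        raise ValueError("empty host domain")
    if not user or "\\" in user or "@" in user or user != user.strip():
        raise ValueError("malformed user name")
    return ConnectionId(domain, user, provider)

def resolve(raw, default_host_domain, authpd_domains):
    """Return (provider, domain, user) used to look up the login definition.

    authpd_domains models the associations made with the AUTHPD option at
    server startup: provider domain name -> provider (assumed structure).
    """
    cid = parse_connection_id(raw)
    if cid.provider_domain is None:
        provider = "host"
    elif cid.provider_domain in authpd_domains:
        provider = authpd_domains[cid.provider_domain]
    else:
        # Assumption: fail closed instead of falling back to host authentication.
        raise LookupError(f"unregistered provider domain {cid.provider_domain!r}")
    # A user who connects without a domain gets the server's default domain.
    domain = cid.host_domain or default_host_domain
    return provider, domain, cid.user

if __name__ == "__main__":
    authpd = {"LDAP": "ldap"}        # constructed sample configuration
    for sample in ("user", "CARY\\user", "APEX\\user@LDAP"):
        print(sample, "->", resolve(sample, "APEX", authpd))
```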