In this video, Stuart Rogers from SAS presents an overview of Kerberos constrained delegation with SAS Viya 3.5. This presentation includes an explanation of what Kerberos constrained delegation is and what is supported with SAS Viya 3.5, as well as a process flow demonstrating the use of Kerberos constrained delegation.

Stuart Rogers has been at SAS for over 10 years and focuses on security topics with SAS, especially authentication and encryption.

Content Outline
00:00 – Kerberos Constrained Delegation: Expectations
00:45 – Kerberos Constrained Delegation Defined
01:44 – Kerberos Constrained Delegation Types
* Traditional
* Resource Based
03:31 - What is Supported with SAS Viya 3.5
05:39 - Example Use-Case for Kerberos Constrained Delegation - User interacts with SAS Studio 5.2 (Enterprise)
* To start with our user access SAS Studio 5.2 (Enterprise)
User authenticates using Kerberos to SAS Logon Manager and requests SAS Studio 5.2 (Enterprise)
SAS Launcher Service (microservice) triggers a S4U2self request
The S4U2self response is a Service Ticket for HTTP as if from the user
SAS Launcher Service (microservice) triggers a S4U2proxy request using the Service Ticket from the S4U2self response
The S4U2proxy response contains the Service Ticket for sas-launcher for the user
SAS Launcher Service (microservice) uses the Service Ticket for sas-launcher to start the SAS Compute Server session as the user
The SAS Compute Server responds to the SAS Compute Service
SAS Studio 5.2 (Enterprise) responds to the user
* SAS Studio 5.2 (Enterprise) user launches a CAS session
User enters code in SAS Studio 5.2 (Enterprise): "cas mysession;"
SAS Studio 5.2 (Enterprise) submits code to the SAS Compute Server session requesting launch of a CAS session
SAS Compute Server session triggers a S4U2proxy request using the Service Ticket acquired during session launch
The S4U2proxy response contains the Service Ticket for sascas for the user
SAS Compute Server session uses the Service Ticket for sascas to start the CAS session as the user
The CAS session responds to the SAS Compute Server session
SAS Compute Server session responds to SAS Studio 5.2 (Enterprise)
SAS Studio 5.2 (Enterprise) responds to the user
* SAS Studio 5.2 (Enterprise) user writes code that gets CAS to process data
User enters code requesting CAS process data
SAS Studio 5.2 (Enterprise) submits code to the SAS Compute Server session
SAS Compute Server session requests CAS session to process data
CAS session controller triggers a S4U2proxy request using the Service Ticket acquired during session launch
The S4U2proxy response contains the Service Ticket for MSSQLSvc for the user
CAS session controller uses the Service Ticket for MSSQLSvc to authenticate and request data from MS SQL Server
MS SQL Server responds to the CAS session
CAS session processes data and responds to the SAS Compute Server session
SAS Compute Server session responds to SAS Studio 5.2 (Enterprise)
SAS Studio 5.2 (Enterprise) responds to the user
10:35 – Additional Resources on Kerberos Constrained Delegation

Related Resource
◉ SAS Viya 3.5 Kerberos Constrained Delegation: Putting the Dog on a Leash – [ Ссылка ]
◉ SAS Viya 3.5 Kerberos Troubleshooting – [ Ссылка ]


SUBSCRIBE TO THE SAS USERS YOUTUBE CHANNEL #SASUsers #LearnSAS
[ Ссылка ]

ABOUT SAS
SAS is a trusted analytics powerhouse for organizations seeking immediate value from their data. A deep bench of analytics solutions and broad industry knowledge keep our customers coming back and feeling confident. With SAS®, you can discover insights from your data and make sense of it all. Identify what’s working and fix what isn’t. Make more intelligent decisions. And drive relevant change.

CONNECT WITH SAS
SAS ► [ Ссылка ]
SAS Customer Support ► [ Ссылка ]
SAS Communities ► [ Ссылка ]
SAS Analytics Explorers ► [ Ссылка ]
Facebook ► [ Ссылка ]
Twitter ► [ Ссылка ]
LinkedIn ► [ Ссылка ]
Blogs ► [ Ссылка ]
RSS ► [ Ссылка ]

свернуть