WWW.ABSTRACT.DISLIB.INFO
FREE ELECTRONIC LIBRARY - Abstracts, online materials
 
<< HOME
CONTACTS



Pages:   || 2 |

«Enabling Unchallenged Access in the SAS Information Delivery Portal September, 2009 Enabling Unchallenged Access in the SAS Information Delivery ...»

-- [ Page 1 ] --

Enabling Unchallenged Access in the SAS Information Delivery Portal September, 2009

Enabling Unchallenged Access in the

SAS Information Delivery Portal

Overview

Unchallenged access to the 4.2 SAS Information Delivery Portal, via a 9.1.3 style Public Kiosk, provides a user access to

the SAS Information Delivery Portal and thus to SAS content without receiving an authentication challenge. The user can

access the SAS Information Delivery Portal in this way by going to a special URL, such as http://host/SASPortal/public.

When the SAS Information Delivery Portal receives this request, it creates a real user session and allows the unchallenged user to see SAS content as if they had logged onto the system.

Several changes were made to the SAS Information Delivery Portal user interface to accommodate unchallenged access.

These changes are only visible to when the unchallenged user accesses the SAS Information Delivery Portal. The Options dropdown menu will not be displayed on the title bar. The Search menu item will be displayed on the title bar by default. It can be removed by setting a configuration property. The Log Off user menu item will be displayed on the title bar by default. It can optionally be removed or replaced with a Log On menu item by setting a configuration property.

When the unchallenged user is finished interacting with the SAS Information Delivery Portal, they can choose to log out, log into the SAS Information Delivery Portal as an existing user, let the session timeout, or close the browser. Selecting the log on menu item will take the user to the SAS Logon Manager. If a user has an account in the deployment, they can skip the public content and directly log on to the SAS Information Delivery Portal by going to another URL; for example, http://host/SASPortal. This will utilize the standard log on process.

This document outlines the steps required to convert a 4.2 SAS Information Delivery Portal deployment to support unchallenged access. Unchallenged access is delivered as part of 9.2, maintenance 2. See the Out-of-the-Box Deployment section for the process of converting a new 9.2 deployment to support unchallenged access. See the Migration Deployment section for the process of converting a 9.2 deployment, migrated from an existing 9.1.3 Public Kiosk deployment, to support unchallenged access.

Copyright © 2009 SAS Institute Inc. All Rights Reserved. Page 1 of 10 Enabling Unchallenged Access in the SAS Information Delivery Portal September, 2009 Security Considerations In the SAS 9.2 release, all Web applications use a common security architecture provided by the SAS Web Infrastructure Platform. Two cornerstones of this architecture are prompting a user for credentials and routing requests through Web application filters to validate a user’s security token before allowing access to content. Enabling unchallenged access to the SAS Information Delivery Portal removes one of these cornerstones, so it should only be enabled when other strategies do not work. When enabled, a greater share of the security burden falls on the site administrator to thoroughly review the content surfaced to unchallenged users, to understand how the content surfaced utilizes SAS backend servers, and to make sure the content and its behavior are appropriate.

Unchallenged access is a product-specific capability in the SAS Information Delivery Portal. As with previous implementations, the unchallenged user cannot be differentiated from a challenged user, one who logged in using the SAS Logon Manager, by other Web applications in the SAS suite of Web applications. It is important to apply this knowledge when determining what type of content to surface through the unchallenged user. There are a number of potential security concerns that can be addressed by limiting the content displayed during unchallenged access. Two examples from a SAS Enterprise BI Server deployment are listed below.

Any application or portlet that allows a user to save data should not be surfaced to unchallenged users unless the unchallenged user base is known. Some applications may support configuration options to disable the ability to save data. When unchallenged access is configured, the SAS Information Delivery Portal does not allow the unchallenged user to modify pages or edit portlets. The following SAS content types may launch applications that allow a user to save data and thus the security ramifications of doing this should be considered.

BI Dashboard – The default application configured for viewing dashboards, SAS BI Dashboard, can be configured to allow users to administer dashboards. By default, the unchallenged user is not an administrator; this behavior should be maintained. See the instructions in the Configure the Unchallenged User section for details.

Information Maps and Data Exploration – The default application configured for viewing information maps and data explorations, the Visual Data Explorer, allows the unchallenged user to create new data explorations and save them to the unchallenged user’s My Folder and any other Folders they have been granted permission to in the SAS Metadata Server.

Report – The default application configured for viewing reports, SAS Web Report Studio, allows the unchallenged user to save reports to the unchallenged user’s My Folder and any other Folders they have been granted permission to in the SAS Metadata Server. SAS Web Report Studio can be configured to prevent a user from saving reports. See the instructions in the Configure the Unchallenged User section for details.





Any content, application, or portlet that allows a user to interact with the SAS server tier should be reviewed before it is surfaced to unchallenged users, unless the unchallenged user base is known. This includes accessing data, especially with unbounded queries, or submitting code for processing. Dashboards, information maps, data explorations, reports, and stored processes are examples of content that utilize the SAS Server tier. They may also be configured to launch applications that allow a user to interact with the SAS Server tier.

The security considerations that apply to the SAS Enterprise BI Server also apply to SAS Solutions that enhance the SAS Information Delivery Portal with portlets and content.

In the 9.2 release of SAS software, WebDAV services are provided by the SAS Content Server.

The mechanisms for securing content in the SAS Content Server are different than those in the Xythos WebDAV server used by the 9.1.3 release. The unchallenged user is treated as a normal user by the SAS Content Server. This means that any content that

jcr:authenticated allows READ access to will be visible to the unchallenged user. See the SAS 9.2 Intelligence Platform:

Web Application Administration Guide for details on implementing authorization in the SAS Content Server.

–  –  –

Out-of-the-Box Deployment The following process outlines the steps required to convert a new 9.2 deployment to support unchallenged access.

These instructions assume:

 The deployment uses host authentication. Unchallenged access will work with other authentication schemes, but that process is not documented.

 The unchallenged access content will be managed by the SAS Guest User using the sasguest login. Unchallenged access will work for other users, but that process is not documented.

 The instructions are based on, but not limited to, a Windows deployment.

Install SAS 9.2, maintenance 2

1. Install SAS 9.2 maintenance 2.

2. Validate the new deployment.

3. Stop the Web application server, Remote Services application, and SAS servers.

4. Backup the deployment.

Configure the Unchallenged User

1. Create the operating system user account for the SAS Guest User, for example sasguest, if it does not exist. See the SAS 9.2 Intelligence Platform: Installation and Configuration Guide for details.

2. Start the SAS servers and Remote Services application. Important Note: Do not start the Web application server.

3. Use the SAS Management Console to create the SAS Guest User.

3.1. Log on as the administrative user, for example sasadm@saspw.

3.2. On the Plug-ins tab, right-click on the User manager and then select the New → User menu item.

3.3. On the General tab, set the Name to sasguest and the Display Name to SAS Guest User.

3.4. Select the Accounts tab and then select the New button to create the primary login. The User ID should be the operating system account created in the first step. For example, sasguest. The Password should be left blank.

The Authentication Domain should be the default domain used by other portal users. For example, DefaultAuth. Select the New button to create a second login. The User ID should be the same as the first login.

For example, sasguest. The Password should be left blank. Create a new, unique Authentication Domain that will only be used by this login. For example, IDPUnchallengedAccess.

4. If dashboards are available for unchallenged access, make sure the SAS Guest User and the PUBLIC and SASUSERS groups are not members of the BI Dashboard Administrators group. See the SAS 9.2 Intelligence Platform: Web Application Administration Guide for details on administering security for SAS BI Dashboard.

5. If reports are available for unchallenged access, make sure the SAS Guest User and the PUBLIC and SASUSERS groups are not members of either the Web Report Studio: Report Creation or Web Report Studio: Advanced roles. See the SAS 9.2 Intelligence Platform: Web Application Administration Guide for details on roles in SAS Web Report Studio.

6. Important Note: Do not log on to the Information Delivery Portal using the SAS Guest User at this time. Doing so will create group shared pages and page from page templates. If pages are created with a persistent store, it is difficult to remove them from the SAS Guest User’s page list.

Configure the SAS Information Delivery Portal Web Application for Unchallenged Access

1. Edit SASHOME\SASInformationDeliveryPortal\4.2\Configurable\wars\sas.portal\WEB-INF\web.xml.orig.

1.1. Locate the following filter-mapping entry in the web.xml.orig file:

–  –  –

1.3. To reduce the amount of memory consumed by unchallenged users who are no longer using the Information Delivery Portal, the servlet timeout should be reduced. Locate the following session-config entry in the

web.xml.orig file:

session-config session-timeout30/session-timeout /session-config and change the session-timeout entry to reduce the number of minutes it takes for an unused session to time out, for example 10.

1.4. Save the web.xml.orig file when finished.

Rebuild and Redeploy the SAS Information Delivery Portal EAR File In the previous section, changes were made to the web.xml.orig file in the SAS installation directory. In order to make these changes available, the SAS Information Delivery Portal Web application must be rebuilt and redeployed.

1. Stop the Web application server if it is running.

2. Rebuild the Information Delivery Portal Web application using the SAS Deployment Manager. See the SAS 9.2 Intelligence Platform: Web Application Administration Guide for details on rebuilding Web applications.

2.1. Run the SAS Deployment Manager, for example C:\Program Files\SAS\SASDeploymentManager\9.2\config.exe.

2.2. After choosing the runtime language, select the Rebuild Web Applications radio button.

2.3. Select or enter your Configuration Directory.

2.4. Enter the unrestricted user ID and password, for example sasadm@saspw.

2.5. Check the Information Delivery Portal.

3. Redeploy the Information Delivery Portal Web application using the instructions documented in the SAS 9.2 Intelligence Platform: Web Application Administration Guide.

4. Important Note: Do not log on to the Information Delivery Portal using the SAS Guest User at this time. Doing so will create group shared pages and page from page templates. If pages are created with a persistent store, it is difficult to remove them from the SAS Guest User’s page list.

–  –  –

Configure SAS Information Delivery Portal Metadata for Unchallenged Access To simplify management of unchallenged access, most configuration properties are stored in the SAS Metadata Server.

These properties can be changed at any time after unchallenged access is enabled, but the SAS Information Delivery Portal Web application must be stopped and restarted in order for the changes to take effect.

1. Stop the Web application server if it is running. The metadata created in this section is loaded into the SAS Information Delivery Portal Web application at startup time.

2. Use the SAS Management Console to add unchallenged access configuration properties to the SAS Metadata Server.

2.1. Log on as the administrative user, for example sasadm@saspw.

2.2. On the Plug-ins tab, expand Application Management, and then expand Configuration Manager.

2.3. Right-click on Information Delivery Portal 4.2 and then select the Properties menu item.

2.4. Select the Advanced tab and add the following name / value pairs:

–  –  –

Important Note: If the SAS Information Delivery Portal configuration is removed for any reason, the unchallenged access configuration properties will also be removed. After the SAS Deployment Wizard has reconfigured the SAS Information Delivery Portal, follow the instructions in this section to reset them.

Create Content for Unchallenged Access When an unchallenged user accesses the Information Delivery Portal using the public URL, the will see all of the pages in the unchallenged user’s page list.

1. Start the Web application server.

2. Log on to the Information Delivery Portal as the SAS Guest User, for example sasguest.

3. See the SAS 9.2 Intelligence Platform: Web Application Administration Guide for details on adding content to the Information Delivery Portal.

4. Review the SAS Guest User’s pages and make sure the content displayed is appropriate for public access.



Pages:   || 2 |


Similar works:

«To print a blank form, check here: Print Clear WellsTrade® Option Account Information and Agreement Account Number Sub Firm # Doc Code Account Number (Client to complete-Required) New 205 WTOPT Update (Office Use Only) Before proceeding, Review the Step by Step Guide on Page 5. ACCOUNT INFORMATION Account Type: (Choose one) Individual Limited Liability Company Traditional/Roth IRA Bank/Trust Company/Credit Union DVP Sole Proprietorship Estate SEP IRA SIMPLE IRA...»

«UNDERSTANDING VAGUENESS: IN A COMMONSENSE WAY by Patrick Byrd A thesis submitted to the Faculty of the University of Delaware in partial fulfillment of the requirements for the degree of Honors Bachelor of Arts in Philosophy with Distinction Spring 2013 © 2013 Patrick Byrd All Rights Reserved UNDERSTANDING VAGUENESS IN A COMMONSENSE WAY by Patrick Byrd Approved: Richard M. Hanley, Ph.D Professor in charge of thesis on behalf of the Advisory Committee Approved: Joel Pust, Ph.D Committee...»

«Glued to the TV: Distracted Retail Investors and Stock Market Liquidity Joel PERESS and Daniel SCHMIDT* March 1, 2015 ABSTRACT We investigate how distraction affects the trading behavior of retail investors, and ultimately market liquidity. Exploiting episodes of sensational news exogenous to the stock market, we first document that investors stop trading altogether when they are distracted. We report further that these effects are more pronounced for more overconfident–i.e., single-male and...»

«BANKERS’ PAY AND EXTREME WAGE INEQUALITY IN THE UK Brian Bell a and John Van Reenenb April 2010 Abstract It is well known that the distribution of income in the United Kingdom has widened considerably in the last three decades. This rise has been a result of a widening at both the top and bottom of the wage distribution. More recently, most of the action appears to have occurred at the top of the distribution with lower wage workers keeping pace with the median. This paper explores this...»

«Canadian Council of Ministers of the Environment CANADA-WIDE STANDARDS for PARTICULATE MATTER (PM) and OZONE Endorsed by CCME Council of Ministers, June 5-6, 2000, Quebec City 1 of 10 Canada-wide Standards for Particulate Matter (PM) and Ozone CANADA-WIDE STANDARDS for PARTICULATE MATTER (PM) and OZONE These Canada-Wide Standards (CWSs) for particulate matter (PM) and ozone are established pursuant to the 1998 Canada-wide Accord on Environmental Harmonization of the Canadian Council of...»

«CYNTHIA CARON Department of International Development, Community and Environment Clark University, 950 Main Street, Worcester, MA 01610 CCaron@clarku.edu ACADEMIC EXPERIENCE: Assistant Professor, International Development and Social Change, (August 2013 to present) Undergraduate Program Coordinator, International Development and Social Change (August 2013 to present) Visiting Assistant Professor, International Development and Social Change, (August 2012 to May 2013) Post-doctoral Associate,...»

«Because they’re worth it. Scenarios and benefits of infrastructure investments Master thesis Maarten ‘t Hoen Because they’re worth it. Research on the influence of scenario components on benefits of infrastructure investments October 2012 Author Committee M.J.J. ‘t Hoen dr. ing. K.T. Geurs dr. ir. B. Zondag dr. T. Thomas This document presents the research performed for the completion of the Master study Civil Engineering & Management (discipline Traffic Engineering & Management),...»

«Liquidity and Prediction Market Efficiency Paul C. Tetlock* March 2008 Abstract I investigate the relationship between liquidity and market efficiency using data from short-horizon binary outcome securities listed on the TradeSports exchange. I find that liquidity does not reduce—and sometimes increases—deviations of prices from financial and sporting event outcomes. One explanation is that limit order traders are naïve about other traders’ knowledge and unwittingly bet against them,...»

«ANALELE UNIVERSITĂŢII DIN ORADEA RELAŢII INTERNAŢIONALE ŞI STUDII EUROPENE TOM VI ANALELE UNIVERSITĂŢII DIN ORADEA SERIA: RELAŢII INTERNAŢIONALE ŞI STUDII EUROPENE SCIENTIFIC COMMITTEE: EDITORIAL STAFF: Editor-in-Chief: Mircea BRIE (Oradea) Enrique BANUS (Barcelona) Associate Editor: Ioan HORGA (Oradea) Iordan Ghe. BĂRBULESCU (Bucureşti) Executive Editor: Florentina CHIRODEA (Oradea) Gabriela Melania CIOT (Cluj-Napoca) Georges CONTOGEORGIS (Atena) Members: Vasile CUCERESCU...»

«Raising Capital When the Going Gets Tough: U.S. Bank Equity Issuance from 2001 to Lamont Black, Ioannis Floros and Rajdeep Sengupta June 2016 RWP 16-05 Raising Capital When the Going Gets Tough: U.S. Bank Equity Issuance from 2001 to 2014 Lamont Black DePaul University Ioannis Floros Iowa State University Rajdeep Sengupta Federal Reserve Bank of Kansas City First draft: June 2016 We analyze equity issuance by publicly-traded U.S. banks during 2001-2014 through exchanges (SEOs), private...»

«Primrose Studio Frequently Asked Questions Facility Q: What hours can Primrose Studio be reserved? A: Primrose Studio is available Tuesday through Saturday from 8 a.m. – 10 p.m. It is closed on these official holidays: New Year’s Day, Memorial Day, Independence Day, Labor Day, Veteran’s Day, Thanksgiving Day, and Christmas Day. Primrose Studio is closed on Sundays and Mondays. Q: How many people can the space accommodate? A: Most comfortably, the space accommodates 30 people in any...»

«© [Regd. No. TN/CCN/467/2012-14 [R. Dis. No. 197/2009. GOVERNMENT OF TAMIL NADU [Price : Rs. 3.20 Paise. TAMIL NADU GOVERNMENT GAZETTE PUBLISHED BY AUTHORITY No. 36] CHENNAI, WEDNESDAY, SEPTEMBER 17, 2014 Purattasi 1, Jaya, Thiruvalluvar Aandu – 2045 Part VI—Section 3(a) Notifications issued by cost recoverable institutions of State and Central Governments. NOTIFICATIONS BY HEADS OF DEPARTMENTS, ETC. CONTENTS Pages. Pages. JUDICIAL NOTIFICATIONS 90-96 Insolvency Petitions.......»





 
<<  HOME   |    CONTACTS
2017 www.abstract.dislib.info - Abstracts, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.