This guide explains how to modify the SAS Viya security settings to connect to the SAS Visual Analytics SDK. You need administrator credentials to make these changes using SAS Environment Manager.
Note: The configuration changes listed below should all be made to the global context, applying to all services. Restart all services after making the changes.
Enable Cross-Origin Resource Sharing
By default, your SAS Viya deployment is not set up to allow access to REST API endpoints from different domains. This is
needed in order to connect to SAS Viya from the domain that is hosting your HTML page. This domain needs to be added to the
allowOrigins property in SAS Viya deployment's CORS configuration. This can be done by following the Configure Cross-Origin Resource Sharing documentation. Note that the
allowedOrigins property does not support using the value
* to support all origins. You must explicitly add your domain or a list of domains.
Cross-Site Request Forgery
SAS Viya protects against Cross-Site Request Forgery (CSRF) by blocking requests where the HTTP Referer Header does not match the URI of the requested resource or the
allowedUris CSRF configuration property. The domain of the site using the SAS Visual Analytics SDK must be allowed in the CSRF configuration by setting
allowedUris to a regular expression that matches the domain. For example, the regular expression
.* will match all domains. See SAS Help Center for more information.
samesite=none on the response header. This is not the default for SAS Viya, so you must configure it to support the SAS Visual Analytics SDK. The
sameSite configuration option in the
sas.commons.web.security.cookies definition should be set to
None, and should be applied globally to all services. See SAS Help Center for more information.
Note: If you have enabled settings that block cookies in your web browser, then the SAS Visual Analytics SDK cannot authenticate with SAS Viya. Check your settings to make sure your web browser allows third-party cookies.
It is also a requirement that SAS Viya be accessed using the HTTPS protocol in order for web browsers to allow cross-site cookies to be set by SAS Viya. This requires that TLS (Transport Layer Security) be enabled on your SAS Viya deployment. See SAS Help Center for more information.
Allow guest access
The SAS Visual Analytics SDK has the option to connect to SAS Viya using guest authentication. This requires that SAS Viya be set up to enable guest access, and that the guest user has access to the appropriate report content and data. For more information, see SAS Help Center.