AuthScheme
The type of authentication to use when connecting to remote services.
Possible Values
OneLogin, AwsRootKeys, SFTP, AwsEC2Roles, Negotiate, None, AwsIAMRoles, GCPInstanceAccount, ADFS, Digest, Okta, OAuthPassword, PingFederate, OAuthClient, AwsMFA, OAuthPKCE, AwsTempCredentials, Azure, AwsCredentialsFile, AzureAD, AzureMSI, AzureServicePrincipal, HMAC, OAuth, OAuthJWT, SharepointOAuth, BasicData Type
string
Default Value
"None"
Remarks
General
The following options are generally available to all connections:
- None: Uses no authentication.
- Basic: Uses Basic authentication with User and Password.
- Auto: Determines the right type of authentication to use based on the service. Local files and HTTP will use None.
HTTP
The following options are available when URI refers to a web service:
- Digest: Uses HTTP Digest authentication with User and Password.
- NTLM: Uses NTLM authentication with User and Password set to your Windows credentials.
- Negotiate: Negotiates with the server to determine an authentication scheme. Typically used with Kerberos, which requires KerberosKDC, KerberosRealm and KerberosSPN.
- OAuth: Uses either OAuth1 or OAuth2, with the specific flow being determined by the OAuthGrantType. OAuthVersion must be set to determine what version of OAuth is used.
- OAuthJWT: Uses OAuth2 with the JWT bearer grant type. OAuthJWTCertType and OAuthJWTCert determine what certificate the JWT is signed with. OAuthVersion must be set to 2.0.
- OAuthPassword: Uses OAuth2 with the password grant type. User and Password are the credentials. OAuthVersion must be set to 2.0.
- OAuthClient: Uses OAuth2 with the client credentials grant type. OAuthClientId and OAuthClientSecret are the credentials. OAuthVersion must be set to 2.0.
- OAuthPKCE: Uses OAuth2 with the authorization code grant type and PKCE extension. OAuthClientId is the credential. OAuthVersion must be set to 2.0.
- SSL: Uses SSL client certificates to authenticate. Requires that URI be set to an HTTPS URL and that SSLClientCert and SSLClientCertType be set.
AWS
The following options are also available when URI points to an Amazon service:
- AwsRootKeys: Set this to use the root user access key and secret. Useful for quickly testing, but production use cases are encouraged to use something with narrowed permissions.
- AwsIAMRoles: Set to use IAM Roles for the connection.
- AwsEC2Roles: Set this to automatically use IAM Roles assigned to the EC2 machine the CData JDBC Driver for SAS Xpt is currently running on.
- AwsMFA: Set to use multi factor authentication.
- OKTA: Set to use a single sign on connection with OKTA as the identify provider.
- ADFS: Set to use a single sign on connection with ADFS as the identify provider.
- AzureAD: Set to use a single sign on connection with AzureAD as the identify provider.
- AwsTempCredentials: Set this to leverage temporary security credentials alongside a session token to connect.
- AwsCredentialsFile: Set to use a credential file for authentication.
Azure
The following options are also available when URI points to an Azure service:
- AzureAD: Set this to perform Azure Active Directory OAuth authentication.
- AzureServicePrincipal: Set this to authenticate as an Azure Service Principal.
- AzureMSI: Set this to automatically obtain Managed Service Identity credentials when running on an Azure VM.
SharePoint
The following options are also available when URI points to a SharePoint SOAP service:
- OKTA: Set to use a single sign on connection with OKTA as the identify provider.
- ADFS: Set to use a single sign on connection with ADFS as the identify provider.
- OneLogin: Set to use a single sign on connection with OneLogin as the identify provider.
- PingFederate: Set to use a single sign on connection with PingFederate as the identify provider.
IBM Cloud Object Storage
The following options are also available when URI points to a IBM Cloud Object Storage service:
- OAuth: Uses either OAuth with the specific flow being determined by the InitiateOAuth. ApiKey must be set to successfully complete this flow.
- HMAC: Uses AccessKey and SecretKey to authenticate to the IBM Cloud Object Storage service.