Connecting to CAS using swat in R results to SSL error

[tlkoh0727]

Hi,

Trying to connect to CAS from R studio. But encountering SSL errors.

We installed the trustedcerts.pem from the viya server to the Trusted Root Certification Authority of the desktop. Also added System environment variable CAS_CLIENT_SSL_CA_LIST.

Below are the code and log:

library(swat) Sys.setenv(CAS_CLIENT_SSL_CA_LIST="C:/Users/41274/R and Python Enablement/trustedcerts.pem") conn_binary <- CAS('mpviyaorccs01.mbtc.mgc.local', 5570, username="", password="XXXXXXXX") [1] "ERROR: The TCP/IP negClientSSL support routine failed with error 32760 (An unexpected error has occurred. Error number is 32760.), Port 5570, Host 10.131.4.22" [1] "ERROR: Failed to connect to host 'mpviyaorccs01.mbtc.mgc.local', port 5570." Error in ans@ref : no applicable method for @ applied to an object of class "NULL" Sys.time() [1] "2023-06-22 16:43:25 CST" conn_binary <- CAS('mpviyaorccs01.mbtc.mgc.local', 5570, protocol='https', "", password="XXXXXXXX") Error in curl::curl_fetch_memory(url, handle = handle) : schannel: failed to receive handshake, SSL/TLS connection failed Sys.time() [1] "2023-06-22 16:43:29 CST" conn_rest <- CAS('mpviyaorccs01.mbtc.mgc.local', 8777, protocol='https', "", password="XXXXXXXX") Error in doTryCatch(return(expr), name, parentenv, handler) : https://mpviyaorccs01.mbtc.mgc.local:8777/cas/sessions : HTTP/1.1 401 Unauthorized Sys.time() [1] "2023-06-22 16:43:35 CST"

Appreciate any advise. Thanks

[bkemper24]

I'm not yet sure what the problem is with your first attempt, still investigating.

For your second attempt, it appears you are specifying the binary port (5570), but attempting to use the http protocol. This will not work. You need to specify the http port (8777) if you are using protocol="https" ( this looks like what you did try in your third attempt )

For your third attempt, it looks like you did correct the port number for https. In this attempt, you are not getting an SSL error. The "401 Unauthorized" is actually complaining about the value you have specified for password. Since you are not specifying a username, are you trying to use an OAuth token here ? Is the token valid? or perhaps it has expired ?

Looks like you are running on Windows - is that correct ? What version of R and what version of swat are you using ?

[tlkoh0727]

Hi @bkemper24

Please find below for my response:

I'm not yet sure what the problem is with your first attempt, still investigating.

For your second attempt, it appears you are specifying the binary port (5570), but attempting to use the http protocol. This will not work. You need to specify the http port (8777) if you are using protocol="https" ( this looks like what you did try in your third attempt )

tlkoh0727: For this one we also used https protocol

For your third attempt, it looks like you did correct the port number for https. In this attempt, you are not getting an SSL error. The "401 Unauthorized" is actually complaining about the value you have specified for password. Since you are not specifying a username, are you trying to use an OAuth token here ? Is the token valid? or perhaps it has expired ?

tlkoh0727: For this third attempt, we also used username and password here. we just masked it so it wont appear here.

Looks like you are running on Windows - is that correct ? What version of R and what version of swat are you using ?

tlkoh0727: Correct this is Windows while we are connecting on a CAS server in Linux. Let me get back on the exact version of R on Monday once we are back in office. But based on what I remember it is R 4.3.0. Swat version is 1.6.0

To add, is it correct that we used the trustedcerts.pem? It is the one located in the SAS Viya server /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/

[bkemper24]

For your third scenario, if you are specifying a username and password then the 401 response indicates that the cas server was not able to validate the username and password you provided. You might find more information about why the server could not validate the username and password in the cas server log .

I know you can use the .pem file for the CAS_CLIENT_SSL_CA_LIST environment variable. I'm not sure about using it for the Windows Trusted Root Certification Authorities.