Re: After installing QV11SR2 and https certificate... - Page 2 - Qlik Community

Report Inappropriate Content · ‎2012-12-11

As the question says, after installing QV11SR2 and https certificate, alternate login page (web form) only allows server admins. Default login page (browser authentication) works as normal. Anyone get this? The only other manual change made after the upgrade was to tick on https on port 443.

Thanks

Report Inappropriate Content · ‎2013-02-06

It is not essential, true, but we have always had a landing page, with our logo, disclaimer and terms of use. Also the pop up login does not fuction the same way for all browsers, for example we had issues with IE9 (would prompt the login twice) and on the ipad. Laslty for some reason we are not sure yet, if you go through the pop up login the 'logout' link disappears when the access point page loads.

Laslty its because I have to explain why the patch is making us change the login page, and saying 'cause it seems that in our case its not working, I can't point to a reason' is not easily accepted by the systems guys, and that's mainly why I am asking here. Eventually if this remains unanswered we will probably go to the popup login option.

Report Inappropriate Content · ‎2013-02-06

Same here. The reason why we are using the alternate login page is to get the logout link.

Note: We are using NTFS/NTLM instead of DMS.

Report Inappropriate Content · ‎2013-02-12

Could it be that the QV server is authenticating against the server itselft and not Active Directory? So, it only allows administrators and not the rest of the users?

Also, do we need to change anything in code for the QV server to authenticate using AD? The path for the AD server has been set in the settings already.

Report Inappropriate Content · ‎2013-02-28

I have the same issue here. QV11SR2, QlikView Webserver, no https, AD for authentication.

If the web server authentication is set to Default login page (browser authentication), everybody who has a CAL assigned is automatically logged in and can see the QV Apps which the user is allowed to see (section access).

If authentication is changed to Alternate login page (web form) only users which are in the group Administrators on the QlikView server can log in (with DOMAIN\userid as user name).

Other users don't see any error message, they come straight back to the login page.

In the webserver's log files I see this:

Information	Login: DOMAIN\userid failed.
Error	Request failed: This operation cannot be performed after the response has been submitted.

No difference if you use chrome or IE.

So this is really awkward - because there are absolutely no problems using browser authentication but if the same (non admin) users use the login page the authentication fails.

Any ideas?

Thanks

Bill_Britt · ‎2013-02-28

The feature you are trying to use isn't for Windows authentication. It is for Customer Users feature. If you look at section 23 of the QVS reference manual.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Report Inappropriate Content · ‎2013-02-28

Hi Bill,

I don't really understand your answer. What does section 23 (Edit Script Dialog) have to do with our problem?

Vagos

Bill_Britt · ‎2013-02-28

Check out the attached reference manual.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Report Inappropriate Content · ‎2013-02-28

Hi Bill,

Thanks for your reply.

In the latest Reference Manual, the section is section 26 (Configuring Microsoft IIS for Custom Users).

Maybe that's why Vagos didn't find it.

As far as I understand, section 23 (26) covers the authentication in IIS with custom users.

This is not what I'm looking for (I'm using the QV Webserver and AD-user).

I want users to manual authenticate themselves, not automatically via Browser Authentication and the Windows credentials of the currently logged in user on the workstation.

So it has to be possible to log out from the Access Point and log in with a different UserID than the one I'm logged in on the workstation.

As long as I use the option Default login page (browser authentication) every user (who has a CAL) instantly sees the Access Point - authenticated with the Windows(AD) user credentials the workstation uses. No login required.

If I use the option Alternate login page (web form) users which want to access QlikView get redirected to the given QV-Login form (basically what I want to achieve).

And now there are two (unwanted) scenarios.

Every user who is in the Administration Group of the QV Server can log on using his AD-credentials.

But every user who isn't can't.

I just want that users can log into QV with a different userID than the one which the workstation is logged in.

For example: I log into Workstation A with userID XX, but for QlikView I want to use userID YY.

Matt

Bill_Britt · ‎2013-02-28

You will need to write your own SSO system to do this. With either passing the Header information or using GetTicket.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Report Inappropriate Content · ‎2013-02-28

Thanks.

So I understand that as long as I use the QV Webserver and not IIS, the automatic authentication is the only practical option?

I guess I was just confused because as long as the user was in the Administrators group everything worked as I expected.

Regards,

Matt

After installing QV11SR2 and https certificate, alternate login page (web form) only allows server admins. Anyone get this?