Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi folks,
I'm into integrating Qlikview with an Linux-based Java webportal.
Running QV 11 SR2 with QVWS.
On server system-security tab in QMC:
Anonymous users prohibited
DMS authorization selected
On QVWS authentication-tab
Always
Ntlm
Default login page
I have some Named CALs and some Session Cals as well as some Usage Cals.
Users log in to the portal and the MySQL-DB associated with the portal holds two tables, one for entities and one for groups as stated in the help of 'Configurable ODBC' DSC
Not very documented is that the two tables/ views shall look like
entityid name descr email
1 Gunnar Gunnar Gunnar@company1.com
2 user2 user1 user2@company1.com
3 group1 group1
4 user3 user1 user3@company1.com
groupid memberid
3 1
3 2
3 4
Anyway that stuff seems to work since I'm able to distribute documets to the users in that table.
Then the Java-code on the Linux-machine asks for a WebTicket from the QV-server.
http://QvServer/QVAJAXZfc/GetWebTicket.aspx?cmd=<Global method='GetWebTicket'><UserId>TWT_test\Gunnar</UserId></Global>
The QVS then asks for the credentials of a user on the QV-windows server that is member of the Qlikview Administrators group.
That users credentials are passed in from the Java-code with the use of cURL
The response is a ticket:
<Global>
<_retval_>331+WjqpV2WLGgn1etnoLYLRQ4FvsqsAl7em8Muh</_retval_>
</Global>
That ticket is used in a URL to let the user in.
In my case I perform the above links in Chrome signing in with my standard user when asked so being a member of the "Qlikview Adminsitrators" group.
Then to avoid the browser sending my standard credentials behind the scene when using the link below I test this by using an incognito window in Chrome:
I can point the user with the WebTicket to the AccessPoint
http://QVServer/QVAJAXZfc/Authenticate.aspx?type=html&webticket=331+WjqpV2WLGgn1etnoLYLRQ4FvsqsAl7em8Muh&try=http://QVServer/qlikview/&back=http://www.yahoo.com
The user can see the QV-documents he is allowed to see on the server and in the upper right corner I can see "Welcome Gunnar"
BUT BUT BUT when he select a document a LOGIN-prompt is fired.
Now comes the funny thing. If I cancel the LOGIN-prompt the document will show up!
The LOGIN-prompt is also there if I point the URL directly to a document:
http://QVServer/QVAJAXZfc/Authenticate.aspx?type=html&webticket=331+WjqpV2WLGgn1etnoLYLRQ4FvsqsAl7em8Muh&try=http://QVServer/QVAJAXZfc/opendoc.htm?document=Development/QVSystemMonitor_v4.qvw&host=QVS@softhouse7&back=http://www.google.com
Any hints on what to do to get rid of the annoying useless LOGIN-prompt?
/Andy
Hi,
try to set the Login Addess in QVWS to "Alternate login page" and "Allow anonymous" in QVS, Regards.
Corrado
I have the same issue on my v11 sr2 machine:
I can see here with a few suggestions:
1. change to NTLM (it works!!)
2. upgrade from SR1 to SR2 (but we already in sr2)
3. QVWS to "Alternate login page" and "Allow anonymous" (Not work)
Although NTLM's method is work, we are not going to use any windows authentication. We even removed the AD directory service info. Don't know why NTLM still work.
Would somebody have another methods other than NTLM or somebody can let me know what NTLM authentication is doing?
Thanks
Hello,
I'm using version 11.20.11705.0 and I faced some problems using DSC Configurable ODBC for MS SQL database.
Can you tell me as you set the below parameters in "DSP Settings" window ?
- Entity name
- Data Source Name
- Conn db name
- Database backend
- Override connection string
beacuse I'm not sure about their meaning.
Many Thanks
Regards
Cache expiry in minutes | * | |
Conn db name | * | |
Data source name | * | |
Directory label | * | |
Entity name | * | |
Entity table db name | * | |
Groups table db name | * | |
Override connection string | * | |
Service timeout in seconds | * |
Then in the DB-schema called twt (Conn db name above) there exists two views like this:
Directory label is just any nice name you like
qv_entity
----------------
id
entity_name
descr
For example
id entity_name descr email
21 good-customer
22 bad-customer
10242 user36
10243 user37
101000 user8
qv_groups
-----------
id
memberid
groupid
for example
id memberid groupid
242 10242 21
243 10243 21
1000 101000 22
user36 and user37 are then connected to the group good-customer and user8 to bad-customer
brgds
Andy
Hello Andy,
Thanks for your replay.
What does "Data source name" means ?
Actually I'm using "SQL Server" as driver name to connect to MS SQL database server while the system data source name is "XXX".
Many Thanks.
Regards
Hi,
That is the driver you are using.
To see some examples go to
http://www.connectionstrings.com/
Select your DB and if you scroll down you find examples with a 'Driver=' parameter.
You will find your actual string by going to Administrative Tools->Data Sources (ODBC) click on ADD and you have a list of your installed DB-drivers.
/Andy
Hi Andy,
So if I well understood it's not needed to create a new system data source name and therefore specify it in the DSP Settings !?
Is this right ?
Thanks and a have a nice day
Andrea
Hi,
I don't understand what you mean but there is no need to create any data source under Administrative Tools.
Actually what you are doing is that you are building a connection string by filling in the different boxes.
Under the hood I think the fields are just concatenated with some prefixes like Driver= to build up a connectionstring.
If you don't want to use the boxes you can define your own complete connection string in the 'Override connection string' field.
/Andy