Qlikview - generating webtickets. Any way of locki... - Qlik Community

Report Inappropriate Content · ‎2013-03-26

Hi,

I've just setup QlikView Server 11.2 SR1 and am looking at integrating the WebTicket system with our current SAML authentication code in our application portal.

Is there any way to modify the QV configuration so that access to GetWebTicket.aspx is restricted?

Currently, any user authenticated on the domain can fire up a browser, and hit /qvajaxzfc/getwebticket.aspx?cmd=<Global method="GetWebTicket"><UserId>domain\user</UserId></Global> and get a web ticket through the return XML with any domain\user value. Then use this ticket with authenticate.aspx to login to the system as said user.

The reason I'm keen to restrict this is because not all users on our QV Server should get access to certain .qvw models.

Many thanks.

GG

Miguel_Angel_Baeyens · ‎2013-03-27

Hi,

The ticket should just authenticate the user to the portal. Then in the Distribution task you can specify the authorized users to open that document in the Publisher task itself, and using section access too. If the user is authenticated but not authorized, this will not see the document, therefore will not be able to open it.

There is a third way going to the QMC and setting manually which groups are able to see what documents, again, even when the user has a ticket, i.e.: has been properly authenticated, will not be able to open a document he is not authorized to.

Hope that helps.

Miguel

danielrozental · ‎2013-03-27

Only QlikView administrators should be able to request tickets, are you sure you've not included the group users in th e qlikview administrators group?

Report Inappropriate Content · ‎2013-03-28

Ahh okay, I didn't realise that only QV Admins were allowed to request tickets. I'll test this and see with a normal user (my NTLM login is part of the QlikViewAdministrators group).

Qlikview - generating webtickets. Any way of locking this down?