Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

QlikSense: SAML / FEDERATED SECURITY / SECURE TOKENS

In White paper for QlikView:

SAML / FEDERATED SECURITY / SECURE TOKENS There are a number of different security systems that can make use of secure tokens to sign users into a range of systems. There are several different standards and sets of terminology around this approach such as SAML (Security Assertion Markup Language) and federated security such Active Directory Federation Services. Although each is different the approach from a QlikView perspective is similar. Here is how it typically works… In this approach, due to the level of integration required, a custom login page can be created to use the security API in QlikView. Although this mechanism is relatively simple to use it does require some knowledge of programming and this configuration is not ‘out of the box’. There are examples on how to implement this approach available on the QlikView Community. 3 The advantage of this approach is again to conform to an organization’s standard way for securing services. It again does require that an organization has in place a security system that offers this kind of functionality but QlikView has an approach for integrating with a range of vendors’ solutions. QlikView Server 8. User received QlikView content CLOUD 1. User requests QlikView content Custom Login Page 2. User redirected to Login System 5. Request QlikView content with token 4. Redirect user to QlikView with token 3. Login Against Login System 6. Validate token Login System CUSTOMER SITE/INTERNET 7. Token is OK and provide username/groups QlikView and the Cloud | 13 With Active Directory Federation Services (ADFS) it is possible for users to seamlessly log in to a non-domain cloud server without being prompted to log in as their internal Windows credentials are used during the process of logging in. This gives an excellent user experience and ADFS is often implemented within organizations alongside their regular Active Directory which means there is no requirement for an additional SSO product or set of users.

Has anyone seen this for QlikSense?

13 Replies
javier_quintela
Contributor
Contributor

Thank you very much Jeff, it was a version problem as well you said. I upgraded to version 2.2.3.0 and 400 errors no longer appear!!

Now, the problem is that when accessing the URL through Virtual Proxy of ADFS and enter credentials, I am redirected to the hub URL but it tells me:


"You can not access Qlik Sense because you has not access permission"


Proxy Logs say this: Access to app '__hub' denied, result code 'NoAvailableAccessType'


However, if I access to the url of the hub without going through Virtual Proxy of ADFS I access correctly.


Any ideas?


Thanks

Not applicable
Author

‌hi,

now your issue is you haven't provisioned a token for the user logging in to have access.

check out the license and tokens video in this series here:

https://m.youtube.com/playlist?list=PLW1uf5CQ_gSpUIEWu0-0TzzEaNVQo346i

Cheers,

jeff g

javier_quintela
Contributor
Contributor

Hi,

The problem appears with the userID field. All users in my user directory have as user id the name without the domain suffix. When I access through the virtual ADFS proxy with the userID@domainsuffix will not recognize it and tell me that I haven´t  access. In fact, automatically it generates a new user with the username @ domain suffix and adds it to the user list of Qlik. If I allocate the access to this new user, authentication works through the virtual proxy of ADFS, but consuming two licenses for the same user.

In short, is it possible that my users have the user id @ domain suffix format to avoid this problem? What am I doing wrong?

Thanks

javier_quintela
Contributor
Contributor

Hi,

I know what the problem was: My SAML attribute for User ID was not upn, windows account name was!!!


Regards