topic Re: Login Access Pass problems in Management & Governance

Login Access Pass problems

Tue, 28 Jul 2015 09:59:01 GMT

Hi Guys! I am using Qlik Sense server 1.1 The Issue is that yesterday I created a mashup which I wanted to allow anonymous users within our AD to be able to access. It worked fine when I used the login pass rule: user name like value * (for all users). The problem was that when I created this rule the user access users were also recognized as login pass users and since many people were logging in and out it used up all the passes (1 token). This must be because of the anonymous setting. Today I tried adding, AND/OR rules and also adding a new rule to exclude my name but I still get the message that I don’t have an access pass. So the question is how to combine anonymous access for all users in the AD with a couple of user access users without running out of tokens. It only works for me to access the hub after I login at qmc. Is this the only solution for the user access users? I would really appreciate some guidance on this. Thanks!

Thanks!

Sahir Ahmed

Re: Login Access Pass problems

Tue, 28 Jul 2015 21:27:49 GMT

Sahir,

I don't recommend user name like * as a rule for anything. It's going to get you in more trouble down the road.

To solve the problem you can allocate user access passes manually, or if you have set up an Active Directory UDC and unchecked sync on first login you will get the whole directory.

If you have the directory loaded into Sense you can create user access rules and login access rules based on attributes like AD groups.

In addition, you could create a custom property for specific users you want to have use user access passes. Create the custom property and make it valid for user resources. Then go to the specific users and add the custom property to those users. After that create a user access rule based on the custom property. If the user logging in has the custom property they will get a user access pass, otherwise they will get a login access pass.

The other thing you can do is set up a virtual proxy that does not allow anonymous connections and route your named users through there and create another virtual proxy that allows anonymous and send your login access users through that vp.

Re: Login Access Pass problems

Wed, 29 Jul 2015 07:14:18 GMT

Hi Jeffrey,

Thanks for the reply the problem is that we have around 1500 persons in the AD so grouping them or giving them passes manually will be very time consuming. The purpose is to be able to post some charts on the internal web portal. Is there not a way to come around the problem by not giving the user access users the same rights or something like that?

Thanks!

Sahir

Re: Login Access Pass problems

korsikov — Wed, 29 Jul 2015 14:15:24 GMT

I have server with over 1000 anonymous user connect per day,

just buy more tokens. This solution to the problem. No tokens - will not operate. The server is free and licensing unit, if you can call it that, is a token

Re: Login Access Pass problems

Wed, 29 Jul 2015 14:20:17 GMT

Thats like saying you let the water run forever if your bathtub is leaking instead of fixing the hole. Not the solution I'm looking for.

Re: Login Access Pass problems

Wed, 29 Jul 2015 14:22:06 GMT

Jeffrey,

I will forward your message to someone who is admin for the AD and server maybe they can figure it out thanks!

Re: Login Access Pass problems

korsikov — Wed, 29 Jul 2015 14:30:07 GMT

I apologize.I not carefully read the issue. Try to rewrite your mashup that would work in the user's Session.

Re: Login Access Pass problems

Wed, 29 Jul 2015 14:34:32 GMT

No problem thanks I'll look into it.

Sahir

Re: Login Access Pass problems

Fri, 31 Jul 2015 15:57:20 GMT

Sahir, I imagine there is a way through security rules to do exactly what you want, but I'm not understanding the use case completely. If you want you can personal message me and we can chat about what you want to do and see how we may accomplish this with security rules.

Re: Login Access Pass problems

Tue, 04 Aug 2015 07:49:48 GMT

Thanks Jeffrey,

Would love to, I just started following you. Apparently you must follow me to let me send you PMs.

Thanks!

Sahir

Re: Login Access Pass problems

Wed, 05 Aug 2015 23:27:27 GMT

Sahir,

Check out this short video based on what we discussed. Video Link : 3334

If this video is helpful, please mark this discussion as helpful or answered to help others with similar questions.

Thanks,

Jeff G

Re: Login Access Pass problems

Thu, 06 Aug 2015 16:07:52 GMT

Thanks jog!

That really helped a lot. A follow up question would be, is it possible to demand login credentials for only the hub? Because what is happening now is that, in order to login as a developer I am forced to go to the QMC first. If I go to the hub directly I will first be regarded as an anonymous user until I login and then my pass is used up from my token? The developers are quite reluctant to always have to go to qmc first.

Re: Login Access Pass problems

Thu, 06 Aug 2015 16:48:21 GMT

The reason why this happens is because you have allow anonymous users turned on for your virutal proxy.

Re: Login Access Pass problems

Fri, 07 Aug 2015 09:18:23 GMT

Thanks Jeff,

Is that the way it works for everyone with anonymous access or is there any way to get around it?

/Sahir

Re: Login Access Pass problems

Fri, 07 Aug 2015 13:08:45 GMT

If you want specific users to get prompted to login and not have to click the button to login, I recommend creating a separate virtual proxy for your developers and have no anonymous access allowed through that entry method. That way they get prompted for credentials when they attempt to access Qlik Sense resources.

Re: Login Access Pass problems

Fri, 07 Aug 2015 14:55:53 GMT

Thaks, this may seem dumb, but I don't understand how that works, could you give an example

Re: Login Access Pass problems

Fri, 07 Aug 2015 15:10:31 GMT

Read this how to on creating a virtual proxy:

Here: Configure Qlik Sense 1.1 Virtual Proxy for Web Ticketing

and Here: Qlik Sense 1.1: Set Up Header Auth Virtual Proxy

In the virtual Proxy you want to turn off anonymous access:

Re: Login Access Pass problems

Fri, 07 Aug 2015 15:43:20 GMT

Thanks Jeff you're a Star! That solved everything!

Re: Login Access Pass problems

Mon, 10 Aug 2015 16:03:29 GMT

Please mark which ever response resolved your question as answered so that the thread can be closed and made helpful for others.

Thanks,

Re: Login Access Pass problems

Mon, 10 Aug 2015 16:05:33 GMT

Thanks I already did