topic Re: Help Needed in Qlikview SSO integrtation - Urgent in QlikView

Help Needed in Qlikview SSO integrtation - Urgent

sibin_jacob — Thu, 28 Aug 2014 08:19:36 GMT

We implemented SSO in QlikView using Header method. It is passing the header value from the third party login page to Qlikview accesspoint properly.

But currently we are facing couple of issues. Below are the details

Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?

2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Thanks in Advance.

Regards,

Sibin Jacob. C

Re: Help Needed in Qlikview SSO integrtation - Urgent

ashfaq_haseeb — Thu, 28 Aug 2014 08:29:16 GMT

Hi,

For point one.

This is not directly possible.

You need to talk with your content team to replace name with ID by some programming. As Header of portal you logged in will return Name not ID.

For Point 2

If you configured to read it with SSO, then I don't think you can directly access QlikView Access Point

Regards

ASHFAQ

Re: Help Needed in Qlikview SSO integrtation - Urgent

sibin_jacob — Thu, 28 Aug 2014 08:57:30 GMT

Hi Ashfaq,

Thanks for the reply.

For point one.

I tested locally with 'Fiddler tool' ( Using local host). I have passed header value as sjacob(Login Id) but it is showing jacob, Sibin (User Name). How can I replace the name with ID? can you explain little more?

For Point 2.

I am not able access the Qlikview access point directly.

But my problem is If a user access the accesspoint through third party login page and not doing anything in the accesspoint for 1 hour. After 1 hour the session will get expire. After that If user click on any link or document from the access point, It should redirect to login page or it should close the browser tab. Is this feasible?

Thanks,

Sibin Jacob. C

Re: Help Needed in Qlikview SSO integrtation - Urgent

ashfaq_haseeb — Thu, 28 Aug 2014 09:06:34 GMT

Hi,

This is purely can be handled by .net developers.

If you have someone in your company, please ask them to help you here.

Regards

ASHFAQ

Re: Re: Help Needed in Qlikview SSO integrtation - Urgent

Thu, 28 Aug 2014 10:02:00 GMT

Hi Ashfaq

You are right, it can be purely handled by .net developer. in My company we have implemented SSO functionality for our client exact the same requirement Sibin jacob is taking about. there are lot many configuration to enable SSO.

As i have review Sibin Jacob question

Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?

Ans:- In our project we have pass the User Name threw the Active Directory and the same User existing in Application. so that both in Active Directory and Application user should be same. we have integrated the Integrated Windows Authentication.

With Integrated Windows authentication, the user name and password (credentials) are hashed before being sent across the network. When you enable Integrated Windows authentication, the client browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing. please see below URL for more information.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Waffle – Windows & AD Authentication Framework

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

http://dblock.github.com/waffle/

NTLM, Kerberos and Negotiate

These are network authentication protocols and method to authenticate users in general in windows network. In this implementation of SSO with waffle, we are using Kerberos protocol.

More details can be found at these links:

http://en.wikipedia.org/wiki/Kerberos_(protocol)

http://en.wikipedia.org/wiki/NTLM

More details can be found at this link:

2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Ans:- still this feature is implemented in Java code that we have implemented.

Following requirement are basic to implement SSO Functionality

1. Filtering request to pass windows authentication token

2. Changing LDAP table configuration (this will be identify the user it existing in Multiple schema or not)

Thanks

Saumil Jani

Re: Help Needed in Qlikview SSO integrtation - Urgent

Thu, 28 Aug 2014 10:04:29 GMT

Hi Sibin

Please see my below comments let me know if it work for your issue.

As i have review Sibin Jacob question

Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?

Ans:- In our project we have pass the User Name threw the Active Directory and the same User existing in Application. so that both in Active Directory and Application user should be same. we have integrated the Integrated Windows Authentication.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Waffle – Windows & AD Authentication Framework

http://dblock.github.com/waffle/

NTLM, Kerberos and Negotiate

These are network authentication protocols and method to authenticate users in general in windows network. In this implementation of SSO with waffle, we are using Kerberos protocol.

More details can be found at these links:

http://en.wikipedia.org/wiki/Kerberos_(protocol)

http://en.wikipedia.org/wiki/NTLM

More details can be found at this link:

2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Ans:- still this feature is implemented in Java code that we have implemented.

Following requirement are basic to implement SSO Functionality

1. Filtering request to pass windows authentication token

2. Changing LDAP table configuration (this will be identify the user it existing in Multiple schema or not)

Thanks

Saumil Jani

Re: Help Needed in Qlikview SSO integrtation - Urgent

AbhijitBansode — Sat, 17 Oct 2015 15:02:30 GMT

Hello Saumil,

Looks like this is the right post to table my question around default authentication in QlikView.

I've been running a crusade to OK the use of QlikView on native iOS/Android app. Organisation I'm working for has already got their native app(iOS/Android) available for all employees. I've been asked to make the QlikView dashboards available on the app.

Now to enable SSO of the QlikView dashboard from native app, app support team has asked me to set up Kerberos authentication at QlikView side. I've no idea as to how kerberos authentication can be setup in QlikView. I'm aware of QlikView uses default NTLM authentication. I would really appreciate any guidance here.

Thanks,

Abhijit