topic Re: Single Sign On (SSO) to access into Access Point in QlikView

Single Sign On (SSO) to access into Access Point

partenope — Mon, 26 Jan 2026 18:19:17 GMT

Hi all,

we work on a QlikView Enterprise Edition Server 11.2 running with IIS and NTFS (Active Directory) Authentication.

We have 2 kind of users:

"Internal Users"
They are inside the INTRANET. They log in to their PCs using Domain Users and they can access on the Access Point in Single Sign On: Qlik does not show any Login Pop-up and the User is identified Automatically.
"External Users"
They are users OUT of the Intranet. They log in to their PCs with a "Machine Users" and Access Point, obviously, CAN'T authenticate them automatically.

We, obviously, have SSO problems with the second type of Users.

They access to QlikView Documents through a Web Portal where they log in with an Active Directory User.

They reach QlikView Document using a dynamic link to "opendoc.htm" standard page.

I know "opendoc.htm" can receive USERID and PASSWORD parameters, but they are "Section Access" parameters.

The Web Portal could pass the Active Directory credentials to "opendoc.htm"... But I don't know how opendoc.htm can (if it can) receive the Active Directory User by parameters.

Someone had (and solved) same problem?

Thanks in advance!

Re: Single Sign On (SSO) to access into Access Point

Wed, 16 Jul 2014 16:34:17 GMT

I suppose we can try with Anonymous authentication, you can find the details in Server manual.

Thanks,

Sai

Re: Single Sign On (SSO) to access into Access Point

partenope — Tue, 22 Jul 2014 08:22:27 GMT

Thanks Sai Vallapu, but we need authentication...

Re: Single Sign On (SSO) to access into Access Point

Tue, 22 Jul 2014 08:28:12 GMT

Did you tried with custom directory authentication?

Re: Single Sign On (SSO) to access into Access Point

partenope — Tue, 22 Jul 2014 08:39:44 GMT

Thanks Rajesh Pillai, the problem is only how to pass to "opendoc.htm" the Active Directory User to open document without authentication popup when user is out of the intranet...

The only way (but not the best), I think, is manually customizing Authentication.aspx page...

Re: Single Sign On (SSO) to access into Access Point

ergustafsson — Tue, 22 Jul 2014 12:54:12 GMT

Hi,

The webserver can't authenticate them automatically as they are outside the domain. If the external users aren't AD users you need a second webserver and use DMS file authorization (for all users) as they do not have NTFS file permissions.

Also, I recommend you to try without the Section Access to see if it helps. Might want to use USERID on Section Access instead of NTNAME.

Regards,

Erik

Re: Single Sign On (SSO) to access into Access Point

partenope — Tue, 22 Jul 2014 14:10:12 GMT

Hi Erik Gustafsson,

All the users are AD Users, but some of them access from outside the Intranet (SalesReps for example).

There is no Section Access problem: the only issue is the authentication pop-up when a user access from the Internet: my goal could be a way to pass the AD user name & password to the "direct" link, like Section Access USERID and PASSWORD parameters...

All the External Users access to the Qlik Documents by a direct link, like this:

http://<server_name>/QvAJAXZfc/opendoc.htm?document=document_name.qvw&host=<server_name>

Re: Single Sign On (SSO) to access into Access Point

ergustafsson — Thu, 24 Jul 2014 07:37:46 GMT

Hi Dario,

How can the domain trust the external users when they are not logged in from a secure place? You cannot pass the username and password in the URL as you need to be authenticated when entering the QlikView AccessPoint. So if the webserver can't automatically authenticate them, everything works as expected, as it shouldn't. They are outside the domain boundaries and thus is not to be automatically trusted, it would breach security. I would look into some kind of VPN solution or DirectAccess to configure a seamless login.

Regards,

Erik

Re: Single Sign On (SSO) to access into Access Point

partenope — Thu, 24 Jul 2014 15:29:52 GMT

Hi Erik,

external users are logged in to a web portal with their credentials and they have a link to the QV Document on the homepage...

My hope is clicking the link and accessing to Document without entering again user & password...

Thanks in advance

Re: Re: Single Sign On (SSO) to access into Access Point

ergustafsson — Fri, 25 Jul 2014 06:31:53 GMT

Hi Dario,

If you indeed have a web portal passing credentials and a separate webserver to log these users in, then it is very possible. We have many customers using both Header and WebTicket solutions to make a SSO solutions possible. This might be a bit to in-depth to discuss here, but attached is some documentation on customized authentication. Essentially as long as the webserver can authenticate them automatically (by some server providing their credentials) it can work fine. Usually you need two webserver services as one handles the standard Active Directory NTLM login and one webserver handles customized header/WebTicket authentication. We do not have any features like virtual proxies or similar in the webserver, possibly this can be achieved by IIS, but not sure. There are no extra license costs for an extra webserver, so if there is a dedicated extra machine this should be viable.

Regards,

Erik

Re: Re: Single Sign On (SSO) to access into Access Point

partenope — Fri, 25 Jul 2014 11:04:04 GMT

Thanks Erik,

just yesterday we found the "Customized Authentication" document and our choice may be "WebTicket"...

Thanks a lot for your support and for the "Example" folder!

Best Regards

Re: Single Sign On (SSO) to access into Access Point

Mon, 03 Nov 2014 20:32:32 GMT

Hi Partenope,

I am also having same issue, please could you tell me how did u resolved your issue. I am having java based portal application through which users will be logged in and authenticated. After that, if I need to access the reports on Qlick view server, I am getting Access Point pop up to enter the credentials to view the report.

Could you tell me the steps you followed to resolve the issue. Thanks in advance for your help.

Re: Re: Single Sign On (SSO) to access into Access Point

Thu, 06 Nov 2014 15:37:26 GMT

Hi Erik,

We have configured the DMS authentication per "Qlikview 10 Accesspoint SSO.pdf" document, then when I tried to open the document through fiddler, I was able to open successfully, wheres as when I tried through my web application, I got error message that "Login Failed". Let me know if, you have any thoughts on that.

We have QVWS and QVS with respect to Qlikview.

I have Java based web application, which can set header parameter for Qlikview requests to open the document through my application.

Please could you tell me, where we are doing some mistake?

Re: Re: Single Sign On (SSO) to access into Access Point

ergustafsson — Thu, 13 Nov 2014 09:53:53 GMT

Hi,

Could be related to trusted sites/authentication to who passes the header.

Hard to tell without more information. I would recommend you to get in touch with a consulting if you need to fully integrate according to best practices, otherwise we can give it a shot here if you'd post some more info.

Regards,

Erik