Forms authentication through Active Directory and getTicket

anguila — Mon, 08 Oct 2012 16:32:07 GMT

Hi,

I know there are many information about that in the forum but I didn't find a clear answer, so sorry for be redundant..

Our scenario:

We have a Qlikview Server configured in NTFS Mode so the autoritzation is through IWA (Integrated Windows Authentication), but we want to change that internet explorer popup to our login (asp.net) system using forms authentication linked to Active directory achieaving a single-sign-on system through our login, thus when a already logged user (in our login solution) click a qvw link, automatically will be logged in qlikview system.

I found many examples to that getTicket system, but as I understood its (almost) compulsory to change authentication to DMS-Mode, is that true?

Question 1: There is a way to use getTicket with NTFS Mode? If its not, there is another method instead of getTicket to achieve the same behaviour? (without using html header for the insecurity/spoofing issue)

As I read in the qlikview server manual, NTFS Mode is suitable for all that Active Directory authoritzation method:

"NTFS is the default document authorization model, suitable when all users and groups are identified in

Active Directory or locally on the QlikView Server host"

So this definition fits in our users-structure system, so if we can 'overwrite' the login page of Qlikview through our own logging system in NTFS-Mode and its compulsory to switch to DMS-Mode, I wonder if:

Question2: Can we use a active directory tree (LDAP PATH) as a source of users in DMS-mode? We have to import all users each time we add a new user in A.D or it reads the ldap path each time dinamically?

That second questions is a result of reading:

"DMS integrates fully with the existing Directory Service Provider (for example, Active Directory, other LDAP) where Group Membership

has been recorded – this is a mechanism by which QlikView Server can re- use existing enterprise accounts

and group structures. The permitted users or groups are recorded in a meta file that resides next to the

QlikView document, and it is managed using QMC"

So I'm not sure at all if its dinamically or not...

Question3: Maybe we should go for dual (ntfs-mode + dms mode) authoritzation, is that even possible/right having in mind the scenario I told you before?

Thanks for your time!

David.

topic Forms authentication through Active Directory and getTicket in QlikView

Forms authentication through Active Directory and getTicket