Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi all,
I'm newbie in Qlik Sense.
With our server, we installed Qlik Sense with a Windows AD domain, authentication with Analyzer access allocations users work fine.
Now, we must add second domain users. I can configure the connector and I can have the second domain user in the User list. I assigned new users in the Analyzer access allocations too. But the authentication is not possible. In the log file QLIK_Audit_Proxy.txt, I get only "Login: failed. 0 Second_domain Username".
Thank you for your help.
b
Hello,
Yes the problem will be the same with Generic LDAP I am afraid.
The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.
Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...
Hope this helps!
Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure.
BR
Gio
You have to make sure that there trust AD relationship between the AD that the hosting server is on and the the new AD. If there's none, then Windows Auth won't be able to validate the user, which include authenticate them. . Go to Windows event logs > security, look for any errors.
BR
Gio
Hi Gio,
Thank you for your reply.
Unfortunately, we cannot trust the domains, not technical reason, but the political reason. So.
Can you tell me it will be same if I use the Generic LDAP connector ?
Many thanks for your help.
b
Hello,
Yes the problem will be the same with Generic LDAP I am afraid.
The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.
Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...
Hope this helps!
Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure.
BR
Gio
We are facing same issue, we need to configure two different domain users, DOMAIN A and DOMAIN B. There is no trust between forest’s DOMAIN A and DOMAIN B. We create two LDAP connection it's showing the user from both domain. But Login by user from DOMAIN A is working while Login by DOMAIN B user get failed.
We have one login page(F5) for user authentication, it's just need user name and password for our default proxy it's working fine. Now we have requirement to add another domain user(DOMAIN B) and there is no trust. Suppose what you suggesting to implement SAML Authentication with ADFS is done than at what page default proxy user(DOMAIN A) will login ? and how to redirect for SAML(second domain(DOMAIN B).