Skip to main content

Qlik Community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Skip the ticket, Chat with Qlik Support instead for instant assistance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
AG-gugelbisolutions
Creator
Creator
‎2022-08-03 11:31 AM

Qlik Sense EoW authentication issue (outside domain deployment)

Hi there, I have always supposed Qlik Sense delegates authentication to the identity providers configured in the User Directory Connectors menu, but now I'm not that sure of it.

I recently deployed Qlik Sense on a virtual machine hosted by a cloud provider that is not part of the company's domain. I then configured the user directory connector (Active Directory) and was also able to download the full users list.

When trying to connect to the hub (https://localhost/hub), I get the login popup but authentication fails. Note that I'm using the same credentials I've used to configure the user directory connector in the previous step.

Windows logs some warnings that show that an authentication attempt was made and failed (Unknown user name or bad password). To me it seems like Qlik Sense is trying to perform authentication locally without engaging AD. In fact, we were not able to see any traffic generated by the login form submission.

Does this mean that Qlik Sense has to be installed on a machine that is part of the same domain as the users that try to  connect to it?

Is there a way to overcome this? Could it be the development of a custom login module?

Thanks

Labels (2)
Labels
221 Views
0 Likes
1 Solution

Accepted Solutions
Jay_Brown
Support
Support
‎2022-08-04 10:42 AM

Hello @AG-gugelbisolutions , you are correct.  It does need to be part of the same domain for AD or have a trust configured.

The best way to do this without configuring and enabling trust between the domains is to implement SAML Authentication with AD FS. 

https://help.qlik.com/en-US/sense-admin/November2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

Hope this helps!

To help users find verified answers, please don't forget to mark a correct resolution or answer to your problem or question as correct.

View solution in original post

173 Views
0 Likes
3 Replies
Jay_Brown
Support
Support
‎2022-08-04 10:42 AM

Hello @AG-gugelbisolutions , you are correct.  It does need to be part of the same domain for AD or have a trust configured.

The best way to do this without configuring and enabling trust between the domains is to implement SAML Authentication with AD FS. 

https://help.qlik.com/en-US/sense-admin/November2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

Hope this helps!

To help users find verified answers, please don't forget to mark a correct resolution or answer to your problem or question as correct.
174 Views
0 Likes
AG-gugelbisolutions
Creator
Creator
‎2022-08-04 11:01 AM
Author

Hi @Jay_Brown and thanks. I have got an additional and different possibile solution to discuss, but I prefer to create a new thread.

I'll post the link asap.

Thanks

170 Views
AG-gugelbisolutions
Creator
Creator
‎2022-08-04 11:50 AM
Author

Here is the link to a new discussion where I try to describe what in my mind could represent a possible alternate solution.

https://community.qlik.com/t5/Deployment-Management/Multi-Node-Deployment-across-domains/m-p/1964723...

Is it feasible?

165 Views
0 Likes