Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Spivey
Partner - Contributor III
Partner - Contributor III

Setting up LDAP User Authentication

Our team is currently facing an issue where we need to allow LDAP users to sign in to our Qlik Sense Enterprise for Windows environment. Is there a way to set up this authentication process all within the QMC or with just Qlik tools, or is there no way of avoiding having to create a custom module to achieve this? 

Our environment:

  • Qlik Sense
    • Version: Qlik Sense April 2019 Patch 3 - 13.21.10
    • System: Windows Server 2016 Datacenter 64x
    • Host: AWS
    • Nodes: Multi-node
  • LDAP Server
    • System: IBM Tivoli Directory Server 8.0.1
    • Access: Accessible via port 389

The Context:

We just deployed Qlik Sense a month or so ago and the installation went well, no errors. We easily set up a User Directory Connection to our Active Directory and those users have been able to sign in with the default virtual proxy settings (Windows authentication pattern and Ticket authentication method). We also have a group of users that are based in a separate LDAP directory that we need to be able to sign in to and use Qlik Sense. We were able to establish a User Directory Connection to the LDAP server and pull in the list of users, but we now find ourselves at the authentication step of the process with few ideas for how to proceed.

The Issue:

We need to be able to set up the authentication process for these LDAP users with as little coding as possible. Put another way, we'd like to avoid, if at all possible, having to do any custom, outside-of-the-QMC configuration in order to allow these LDAP users to sign in to Qlik Sense.

What we've tried:

We've tried setting up a separate virtual proxy to handle the authentication process for the LDAP users using the Ticket method and Forms pattern, but there doesn't seem to be any way to really architect the actual "transaction" of credentials and ticket requests without spinning up a web server and writing a custom module to handle this.

We've also looked through the Qlik Community, Qlik Help, and Qlik Support sites for further information on how to achieve this; the consensus seems to be that there is no way of avoiding a custom solution but the majority of the articles and posts with that conclusion are from well over a year ago, so we want to be sure that there isn't a more "Qlik-centric," or at least "Qlik-endorsed," way of accomplishing this that's been created/discovered more recently.

Other notes:

The LDAP server we are using does not support SAML 2.0.

Thanks in advance for any guidance you can provide!

Labels (3)
1 Reply
siddharth_s3
Partner - Creator II
Partner - Creator II

Yes,

If you want to "customize" the credentials you are entering then having your own webserver do the trick is the way to go.

It is not so tough to be honest. As in, not a lot of coding.

Maybe, if you use this link and follow the instructions, you can have a webpage setup. All you have to do is edit certain configuration line items in the config file:

https://github.com/braathen/qlik-auth