AshwathRaj_26
Employee

Won't user credentials stored in PGSQL get exposed?

Hi,

My understanding is that user credentials are stored in PGSQL, which is used for validating login with an external IdP.

But if credentials are stored as-is in PGSQL, won't they get exposed?


Accepted Solutions
Levi_Turner
Employee

As @Anonymous mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.


2 Replies
Anonymous
Not applicable

Hey @AshwathRaj_26 ,

As per my knowledge, no, user credentials (username and password) are not stored in PostgreSQL.
The only credentials that are stored there are the ones of technical users used inside PostgreSQL itself (see users postgresql and qliksenserepository).

For 'regular' end users, only a reference to their user directory ("domain", if you're working with Active Directory) and user id ("username", if you're working with Active Directory) is kept.
Once the IdP has verified your identity, it will let you proceed to Qlik Sense. Only at this point will the IdP tell Qlik who you are (user directory + user id).

Let me know if this makes any sense to you.

Riccardo
