Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
My understanding is user credentials are stored in PGSQL which is used for validating login with external IdP
But if credentials are stored as-is in PGSQL wont they get exposed?
As @Anonymous mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.
Hey @AshwathRaj_26 ,
as per my knowledge no, user credentials (username and password) are not stored into postgreSQL.
The only credentials that are stored there are the ones of technical users used inside postgreSQL itself (see users postgresql and qliksenserepository).
For 'regular' end users, only a reference of their user directory ("domain", if you're working with active directory) and user id ("username", if you're working with active directory) are kept.
Once the IdP has verified your identity, will let you proceed to Qlik Sense. Only at this point the IdP will tell Qlik who you are (user directory + user id).
Let me know if this makes any sense for you
Riccardo
As @Anonymous mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.