Qlik Community

AshwathRaj_26
Employee

Won't User credentials stored in PGSQL get exposed?

Hi,

My understanding is that user credentials are stored in PGSQL, which is used for validating login with an external IdP.

But if credentials are stored as-is in PGSQL, won't they get exposed?

 

1 Solution

Accepted Solutions
Levi_Turner
Employee

As @rzenere_methodedupe mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.

2 Replies
rzenere_methodedupe

Hey @AshwathRaj_26 ,

As per my knowledge, no, user credentials (username and password) are not stored in PostgreSQL.
The only credentials that are stored there are the ones of technical users used inside PostgreSQL itself (see users postgresql and qliksenserepository).

For 'regular' end users, only a reference to their user directory ("domain", if you're working with Active Directory) and user id ("username", if you're working with Active Directory) is kept.
Once the IdP has verified your identity, it will let you proceed to Qlik Sense. Only at this point will the IdP tell Qlik who you are (user directory + user id).

Let me know if this makes any sense for you

Riccardo
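
The split described in this thread, as an added sketch that is not part of any post and not Qlik's code: the identity provider checks the password against its own salted hash and hands the application a signed token, and the application stores only user directory and user id. The HMAC token, key, account and table layout are constructed stand-ins for a real SAML or Active Directory exchange and for the actual repository schema.

```python
import base64, hashlib, hmac, json, sqlite3, time

# Constructed values (assumptions): a shared signing key and one IdP account.
IDP_KEY = b"constructed-demo-signing-key"
_SALT = b"constructed-salt"
_IDP_ACCOUNTS = {("CORP", "alice"): hashlib.pbkdf2_hmac("sha256", b"s3cret", _SALT, 100_000)}

def idp_login(directory, user_id, password, now=None):
    """IdP side: compare against its own salted hash, return a signed token or None."""
    stored = _IDP_ACCOUNTS.get((directory, user_id))
    given = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, given):
        return None
    claims = {"dir": directory, "uid": user_id, "exp": (now or time.time()) + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def new_app_db():
    """Application store: there is no password column to expose."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_directory TEXT, user_id TEXT, "
               "PRIMARY KEY (user_directory, user_id))")
    return db

def app_accept(token, db, now=None):
    """Application side: verify the token, then record only directory and user id."""
    try:
        body, sig = token.split(b".")
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, sig):
        return None  # forged or tampered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < (now or time.time()):
        return None  # expired token
    db.execute("INSERT OR IGNORE INTO users VALUES (?, ?)", (claims["dir"], claims["uid"]))
    return f'{claims["dir"]}\\{claims["uid"]}'

if __name__ == "__main__":
    db = new_app_db()
    print(app_accept(idp_login("CORP", "alice", "s3cret"), db))
    print(db.execute("SELECT * FROM users").fetchall())
```

A dump of the application's table yields only directory and user id pairs; the password hash lives solely on the IdP side.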
