Qlik Community

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

Not applicable

Authentication Solution: "Authentication Module" -vs- "Identity Provider"

My company is using Qlik as an embedded solution using the Mashup API.

The following link is a PDF with information about authentication solutions.

https://help.qlik.com/sense/2.1/en-US/pdf/Plan%20Qlik%20Sense%20deployments.pdf

  • pp 98-99 refer to an "authentication module" in the Ticket Solution.
  • pp 99-100 refer to an "identity provider" in the Session Solution.

What's the difference between these two?  I can't find an explanation in the document.

Thanks in advance,

Michael

4 Replies
Not applicable

Re: Authentication Solution: "Authentication Module" -vs- "Identity Provider"

Hi Michael,

The Ticket Solution referred to is more like a traditional authentication system (like Kerberos). I'm not an expert in this field, but as I understand it, this would be equivalent to connecting to a third party version of LDAP for a Windows single sign on.

The session solution is where you use the browser session cookie to authenticate against. I've implemented several website OEM solutions using the the session solution. If your mashup object is going to sit in a web page, then I would recommend giving this one a go.

Kind Regards,

Dave

Not applicable

Re: Authentication Solution: "Authentication Module" -vs- "Identity Provider"

Thanks David,

We are leaning toward a "Session Solution".

However the question is about the difference between:

  • authentication module
  • identity provider

thanks,

Michael

Not applicable

Re: Authentication Solution: "Authentication Module" -vs- "Identity Provider"

Ah, ok.

So in that case the 'authentication module' is some code on your webserver that handled the REST API with the QPS. We worked to this spec (https://help.qlik.com/sense/2.1/en-US/developer/#../Subsystems/ProxyServiceAPI/Content/ProxyServiceA...). EDIT: this is the part where QPS requests the userID from the session cookie and compare the returned user ID to QlikSenses users. NOTE, you'll be using a virtual proxy for this and the prefix = the user directory.

Reading the doc you mentioned again, I would say that the 'identity provider' can be considered to be your website. You will have set up a UDC that looks at the website users and pulled them across under a specific user directory. When someone logs into your platform and is given a session ID in a cookie and then navigates to the object in question (<qs_url>/<directory>/<single_object_guid>), then the QPS sends a request to your 'authentication module, (aka the code you've written to handle the above session module API). As mentioned above, your code will take the session ID sent by the QPS and return a GET request with the userID, if you get a null response, then you can send an ADD request. As long as the userID is valid and has a valid user or login token, QlikSense will grant a new session to that user.

At least, this is how we're doing it. I think there is more than one way to do this solution in QlikSense.

Dave

Not applicable

Re: Authentication Solution: "Authentication Module" -vs- "Identity Provider"

Have a look at the following:

Overview: https://drive.google.com/file/d/0BxBEVQthCb29T1NIUUxmTnZGWEk/view?usp=sharing

This goes over security integration with Qlik Sense.

Jeff G