Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2014-07-18 01:46 PM

How to use Web Ticket SSO without having to specify Trusted IPs

We will be integrating our QV 11.2 documents into an existing external website we provide to our customers.  We've been able to do exactly what we want with the Web Ticket SSO architecture but would like to know how to do this without having to put the IPs of all of our user's client machines into the config file.

The issue we run into and cannot change is that the call to our QV server will be made from JavaScript inside the users browser and not therefore not from the webserver itself.  This will cause us to have thousands of users' PCs that would be to be added into the Trusted IPs.

I thought I had read somewhere that this could be accomplished by making a call to a site on the same domain as the QV server and then have that site request the Web Ticket on the user's browser's behalf but cannot find this anywhere.

Any thoughts or suggestions on how we can accomplish this?  Thanks!

1,453 Views
0 Likes
3 Replies
ergustafsson
Partner - Specialist
Partner - Specialist
‎2014-07-22 08:46 AM

Hi Brian,

One can use either IP filters or authentication. But the IP filters should reflect the portal or wherever the ticket is coming from, so you should not need to configure all end-users IP address.

Regards,

Erik

494 Views
0 Likes
Not applicable
‎2014-07-22 10:00 AM
Author

In response to ergustafsson

Thanks Erik.  The request for the web ticket is coming from the javascript in the client's browser, we cannot run a server side call to get the ticket.  So our javascript code has a POST into http://ourqvserver/QvAJAXZfc/GetWebTicket.aspx?cmd=.... to request the ticket and therefore the client needs the Trusted IP entry; I've actually tested this out as true.

But, it sounds like you provided the other option which is to turn windows authentication on (or can it be basic, digest or form?) on the site and therefore require a login as opposed to a Trusted IP.

As well, another option may be to put a page on the same site as the QV site and call into that page to have it request the ticket and send it back to the client, then we would only need the QV servers IP to be Trusted.

494 Views
0 Likes
ergustafsson
Partner - Specialist
Partner - Specialist
‎2014-07-24 03:40 AM

In response to

Hello again Brian,

Both your suggestions work. See attached as a reference, it should help you. Basic or certificates should work (remember to use HTTPS if using basic).

Regards,

Erik

Customized Authentication v2 0.zip
494 Views
0 Likes