Skip to main content
Announcements
Introducing a new Enhanced File Management feature in Qlik Cloud! GET THE DETAILS!
cancel
Showing results for 
Search instead for 
Did you mean: 
ashokamp
Contributor II
Contributor II

Qlikview Server Setup (Authenticate/Authorize)

Hi,

need your help in setting up a environment for Qlik dashboards users.

Current Setup:

Internal Users in the LDAP are able to access the dashboard through internet.

They are logging in through a portal and Authentication is setup at Header  (IBM Web seal SSO)  in QlikView server . Users can able to access the dashboards without any hassle.

Authentication is through Header (SSO)

Authorization is NTFS (LDAP)


Scenario:

Now the requirement is as follows:

External users who are not part of the (LDAP network ) to be provided access to the dashboard.

Could you please help us in the new requirement .


Thanks

Ashok J

7 Replies
gregortvw
Contributor III
Contributor III

Hi,

I've made a similar setup with IBM TAM previously.

User authenticates on TAM, it gives some header to QVWS, Header-Authentification is turned on.

You have to provide some access to WebSeal, so the user can come past TAM to the particular Access Point.

So I would say, the easiest way to solve your problem is to add external users to LDAP.

Maybe you can use a special group that has less permissions on systems, but also authorized to access your junction

Regards,

Gregor

ashokamp
Contributor II
Contributor II
Author

Hi Gregor,

Thanks for your suggestion for adding External users to LDAP.

if we cannot add it to the existing LDAP is there any way possible?

OR

Suppose if External users are in a particular LDAP, can we configure this LDAP in parallel to the existing LDAP..

Can Qlikview DSC work with Two LDAPS? Whether it will search for users from two LDAPS while authetication?

Thanks

Ashok

gregortvw
Contributor III
Contributor III

Hi Ashok,

DSC supports multiple connections for each protocol, also you can use a custom directory for authenticating on QV. Your problem could be to enter multiple LDAP groups in junction configuration.

Regards,

Gregor

ashokamp
Contributor II
Contributor II
Author

Hi Gregor,

Thank you .  My question is If I add custom directory for External Users to the current setup, then the external users will need to be provided Qlik Passwords and the SSO will not be applicable for them?

The existing users can access the dashboards with SSO as their names are from LDAP?

Can you please clarify .

Thanks

Ashok

Bill_Britt
Former Employee
Former Employee

HI,

If you are using Header and SSO  you will either have to add another Webserver and use custom users or add them to the new Webservers local directory.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
gregortvw
Contributor III
Contributor III

Hi Ashok,

if you use a custom directory for your external users, you have to provide them a password. Also it could be a problem for TAM to get the ACL, because you're using a local ACL, only QVS know about. If you don't change anything on the existing setup (keep LDAP authentication on WebSeal, and Header Authentication on QVWS) existing users won't experience any changes.

In my particular setup we used an LDAP group to authenticate on junction, AD groups to manage access rights to particular apps and again (other) LDAP groups to manage section access within the app. Yes, a bit complicated, but it was a policy of our IT-Sec guys.

Regards,

Gregor

ashokamp
Contributor II
Contributor II
Author

Hi Bill/Gregor thank you for your suggestions.

Hi Bill,

If i use two webserver can you please clarify on the below point.

1. Two webservers will be in different mahines ( one for each server).?

2. Two Webservers are configured to single QV server. So only one accesspoint. right?

Thanks

Ashok Kumar J