Qlik Community

Ask a Question

QlikView Administration

Discussion Board for collaboration on QlikView Management.

Announcements
Our next Qlik Insider session will cover new key capabilities. Join us August 11th REGISTER TODAY
cancel
Showing results for 
Search instead for 
Did you mean: 
KashifShah1
Partner
Partner

SSO With Qlikview Extranet Server

Can a single sign on be achieved on Qlikview Extranet Server using Ticketing Solution ?

I have external users (Not in my firm domain), and my Qlikview Extranet is deployed on IIS standalone in my internet zone.

We have a website with custom authentication and two factor enabled. 

 

Labels (4)
3 Replies
Bill_Britt
Support
Support

Hi,

You should be able to if your license permits it. 

DISABLE_DMS;YES;; Means you have to use Windows Authentication.

Bill

 

 

Bill

Bill - Designated Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
KashifShah1
Partner
Partner
Author

Thanks Bill .

In all the CTE examples i have seen, it shows that we need to enable DMS mode on Qlikview server.

What we have done is, created a website for our clients. The authentication for this website is handled separately by us using Web services. Once successfully logged in, we force the user to generate an OTP (Via registered email) and only on validation of the OTP, we request the Qlikview server for a Token.

The same user is already created as a local windows user on the Qlikview Extranet server. Now when we try to redirect to Access point, it says Login failed (With Web server Authentication set to NTLM or Header). The Authorization is set to DMS only.

We assume that once Qlikview has generated a token, it should automatically open access point when we call the AP URL

Brett_Bleess
Support (Former)
Support (Former)

I did confirm QES allows DMS security mode, so you are good there, so the only thing of which I can think is you have a mismatch in the DMS Authorization and what the QVS Ticket is based upon, we have to have a string match there.  You should be able to see in the QVWS logs, if they are set to high verbosity, what the user is that is coming in I think, but may just show the ticket, but I would then also check QVS Event log to be sure you see the ticket being created there, and do not forget that tickets have a short life, couple of minutes, so if there is a lag in getting the ticket back to the user and them passing it back, it could be that the ticket has expired in which case the QVS Event log should state as much I believe. 

QES does support SSO as well, so in theory things should work, but something has to be out of sync here, hopefully this may give you a couple more things to check upon to see if you can spot what may be wrong. 

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.