Not applicable

Security in multi-domain environment

Hi Community

I have a customer who is running QVS EE (version 10) which is installed on domain A. They have users on multiple domains - most on domain A (where QV is also installed), but also on domain B and domain C.

They have trust between the domains, so to grant users access across the domains, I have added the LDAPs in QEMC (under Directory Service Connector settings). They are using NTLM and the default login page.

Users on domain A are working perfectly - they are automatically granted access without problems. But users from domain B and C are prompted for username and password before they get access. This is not desirable for my customer, so I'm trying to change that.

Is it possible for users from all domains to get 'automatic' access - so not prompted for username/password? Or does QV only support 1 domain?

My customer is currently in the process of moving all users from domain A to domain B, so over time the problem will increase (until I move QV to domain B as well).

The documentation on this is pretty sketchy and I haven't been able to find the answers elsewhere.

Hope you can help.

Br,
Hasse Bæk Nielsen


7 Replies
Bill_Britt
Former Employee

I would think if that is happening there is an issue with the trusts.

Bill

Bill - Principal Technical Support Engineer at Qlik
Not applicable
Author

Hi Bill

Thank you - really appreciate your help.

Any ideas how I test if the trust is indeed the cause of this? The domains including the trust are managed by internal IT of the customer, so hard for me to debug.

Br,
Hasse

Bill_Britt
Former Employee

Hi,

I may have read your issue wrong. After they input their user name and password do they get in? If so, try adding the site to their trusted sites in IE?

Bill

Not applicable
Author

Hi Bill

Thanks again.

Yes, after typing username and password, they get in just fine.

I will try to fiddle with the IE security settings. Hope that will solve it.

Br,
Hasse

Anonymous
Not applicable
Author

Try to add it to trusted sites in IE security

richho_microp
Contributor III

Hi Hasse,

Did you ever get this working? I've tried adding the site to the trusted ones and it still doesn't seem to work?

Not applicable
Author

Hi Richard

Yes - I got this working. But it turned out that the problem was most likely caused by some changes to the network configuration, so I am not sure my ‘solution’ will work for you.

I discovered that the users from domain B were using a different url when accessing the QV AP; something like ‘http://QVServer.DomainA.internal/qlikview/index.htm’. And it was only when using this, the users were prompted for user name/password.

The regular users were using ‘http://QVServer/qlikview/index.htm’. When I had the users from domain B use the regular url, they were not prompted.

I suspect that there is a good explanation for this, but unfortunately I never got to the bottom of why the access point url was constructed like this in the first place and if some later network change caused the problems.

Thanks for all your help everybody – most appreciated.

Br,

Hasse
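
One way to check the IE security-zone angle raised in the replies for the two URL forms quoted above. This is an added example, not part of the original thread or Qlik's tooling. It assumes Windows PowerShell 5.1 run as the affected user on the client machine, and it reads only the per-user zone settings, so a Group Policy value may override what it reports.

```powershell
# Added example: show which IE security zone each Access Point URL maps to
# and what that zone's "Logon" setting (URL action 1A00) allows.
$urls = @(
    'http://QVServer/qlikview/index.htm',                   # short-name URL from the thread
    'http://QVServer.DomainA.internal/qlikview/index.htm'   # FQDN-style URL from the thread
)

# Documented values of URL action 1A00 (User Authentication: Logon)
$logonPolicy = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($url in $urls) {
    # Ask the Windows URL security manager which zone this URL falls into
    $zone   = [System.Security.Policy.Zone]::CreateFromUrl($url).SecurityZone
    $zoneId = [int]$zone   # 0 MyComputer, 1 Intranet, 2 Trusted, 3 Internet, 4 Untrusted, -1 NoZone

    $setting = $null
    if ($zoneId -ge 0) {
        $prop = Get-ItemProperty -Path "$zoneRoot\$zoneId" -Name '1A00' -ErrorAction SilentlyContinue
        if ($prop) { $setting = [int]$prop.'1A00' }
    }

    $meaning = if ($null -eq $setting) { 'not set for this user' }
               elseif ($logonPolicy.ContainsKey($setting)) { $logonPolicy[$setting] }
               else { 'unrecognised value 0x{0:X}' -f $setting }

    # Credentials are sent without a prompt only when the zone setting permits it
    $silent = ($setting -eq 0x00000) -or ($setting -eq 0x20000 -and $zoneId -eq 1)

    [pscustomobject]@{
        Url          = $url
        Zone         = $zone
        LogonSetting = $meaning
        SilentLogon  = $silent
    }
}
```

If the two URLs report different zones or different `SilentLogon` values, the zone mapping for the longer host name is the setting to review with the customer's IT.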