Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
anguila
Partner - Creator
Partner - Creator
‎2012-10-08 12:32 PM

Forms authentication through Active Directory and getTicket

Hi,

I know there are many information about that in the forum but I didn't find a clear answer, so sorry for be redundant..

Our scenario:

We have a Qlikview Server configured in NTFS Mode so the autoritzation is through IWA (Integrated Windows Authentication), but we want to change that internet explorer popup to our login (asp.net) system  using forms authentication linked to Active directory achieaving a single-sign-on system through our login, thus when a already logged user (in our login solution) click a qvw link, automatically will be logged in qlikview system.

I found many examples to that getTicket system, but as I understood its (almost) compulsory to change authentication to DMS-Mode, is that true?

Question 1:  There is a way to use getTicket with NTFS Mode? If its not, there is another method instead of getTicket to achieve the same behaviour? (without using html header for the insecurity/spoofing issue)

As I read in the qlikview server manual, NTFS Mode is suitable for all that Active Directory authoritzation method:

"NTFS  is  the  default  document  authorization  model,  suitable  when  all  users  and  groups  are  identified  in

Active  Directory  or  locally  on  the  QlikView  Server  host"

So this definition fits in our users-structure system, so if we can 'overwrite' the login page of Qlikview through our own logging system in NTFS-Mode and its compulsory to switch to DMS-Mode, I wonder if:

Question2: Can we use a active directory tree (LDAP PATH) as a source of users in DMS-mode? We have to import all users each time we add a new user in A.D or it reads the ldap path each time dinamically?

That second questions is a result of reading:

"DMS  integrates  fully  with  the existing  Directory  Service  Provider  (for  example,  Active  Directory,  other  LDAP)  where  Group  Membership

has  been  recorded  –  this  is  a  mechanism  by  which  QlikView  Server  can  re- use  existing  enterprise  accounts

and  group  structures.  The  permitted  users  or  groups are  recorded in  a  meta  file  that  resides  next  to  the

QlikView  document,  and  it  is  managed  using  QMC"

So I'm not sure at all if its dinamically or not...

Question3: Maybe we should go for dual (ntfs-mode + dms mode) authoritzation, is that even possible/right having in mind the scenario I told you before?

Thanks for your time!

David.

984 Views
0 Likes
0 Replies