IE 7 Integrated Windows Authentication - Qlik Community

elbertfjr22 · ‎2010-04-14

Hi Guys,

Anyone out there might have an idea why I'm experiencing this problem; QVS 9 SR2, IIS for the web server, NTFS authorization, IE 7 client browser. When I enable the Integrated Windows Authentication settings in the client browser (IE 7), I'm getting an extra login page when opening an application. Single sign-on is not working. When I disable it, everything is fine.

I have actually 2 QVSs installed. One is the production the other is a UAT. They are on a different subnet. The production server works fine with the Integrated Windows Authentication setting enabled (from client browser). The problem is only on the UAT server. The QVS and IIS configuration are exactly the same on the 2 setups.

Client is on a different subnet than the 2 QVSs.

Thanks a lot for your reply,

elbertfjr22 · ‎2010-04-14

Hi again guys,

Found this new behavior on my problem above:

If I launch Fiddler (to trace whats going on) the problem is not hapening. (It looks like it is avoiding to be traced.) But I sure there is a logical explanation to this.

Thanks again,

Elbert

Bjorn_Wedbratt · ‎2010-04-16

Hi Elbert,

Not sure if you checked it, but pay attention to the zone being used in IE and make sure you're in the Local intranet zone the whole time.

Also, when you say different subnet's do you mean different subnets (like 10.1.x.x and 10.2.x.x) or do you mean different sub-domains (like sub1.domain.com, sub2.domain.com)?

Btw, when do you recieve the login page? Is it when accessing Accesspoint, or when clicking on a document?

elbertfjr22 · ‎2010-04-16

Thank you Bjorn,

My reply:

Not sure if you checked it, but pay attention to the zone being used in IE and make sure you're in the Local intranet zone the whole time.

The URLs of my servers are in the Trusted Sites zone.

Also, when you say different subnet's do you mean different subnets (like 10.1.x.x and 10.2.x.x) or do you mean different sub-domains (like sub1.domain.com, sub2.domain.com)?

They are in the same domain, different subnets (like 10.1.x.x and 10.2.x.x)

Btw, when do you recieve the login page? Is it when accessing Accesspoint, or when clicking on a document?

When clicking on a document

Again, many thanks! 🙂

Bjorn_Wedbratt · ‎2010-04-16

Try moving the sites to Local Intranet zone. If you want to keep the sites in Trusted sites go Tools|Internet Options. Select Trusted Sites, and then click Custom Level. (you will define how authentication will work for all Trusted Sites). Go to the very bottom of the list of options and select the option to allow automatic logon with the current user name and password.

elbertfjr22 · ‎2010-04-18

Thanks again Bjorn,

I already changed the Custom level settings of the Trusted site to "Automatic Logon with current user name and password". As I mentioned above, the production QVS is not behaving the same way, where both of the URLs are in the Trusted sites.

I suspect some configurations in the routers or firewall or Kerberos. But I cannot pinpoint any area for the infrastructure team to check.

Thanks and regards,

Elbert