We have QlikView Server 9 SR2 and we want to use the AccessPoint's default login page, but it seems not to be working. Can somebody explain step-by-step configuration for users authentication via the default login.htm?
This is how our configuration looks like and let's say we use "NTFS Authorization (Windows controls file access)":
We tried to connect the server with our AD, but we are experincing some problems.
Our settings are:
And no one can access the AccessPoint except the local administrator of the machine the server resides. Do you have any idea why is that happening?
I tried also to set it up as a Custom Directory in order to have the login page (there is no particular reason we want to use the login page, except when we use it there is log off button in the AccessPoint) it didn't work.
Could you please explain in details or give example for a successful security setting? Are there any materials that explain how to set up security? I read most of the topics in the manual but i couldn't figure it out
I've already read these instructions in the manual. The part "* setup a custom user provider on the DSC" is the most unclear one. Let me try to explain how far we've come for almost a week, what we decided our architecture should be and what issues we faced. First we wanted to connect the server with our AD. You explained that the login page works only with custom users which in fact was the answer maybe for this topic. We faced that if the server is not in the same domain as the AD it simply won't work. So we moved it and evrything worked fine with NTFS mode set for security and Active Directory for Directory Service Connector. Everyone could access the files through the access point, which was fine.
Now we want to represent some files to our clients. But we don't want to use the anonymous account because there are files for one client and files for another client. We don't want also to make new records in this AD or new users or user groups in the OS itself. So we think for the custom directory for Directory Service Connector (with or without login page doesn't matter in order it just go). We want to setup QVS to work with Domino LDAP. And when we set it up in the log file says:
18.11.2009 ?. 12:40:26.0980000 Information (CustomDirectory.CustomDirectoryServiceProvider) setting CU-Port to <389> 18.11.2009 ?. 12:40:26.0980000 Information Initializing 18.11.2009 ?. 12:40:26.0980000 Information Starting webservice at port 389 18.11.2009 ?. 12:40:26.0980000 Information Initializing system webserver 18.11.2009 ?. 12:40:26.0980000 Information Webserver security set to: Ntlm 18.11.2009 ?. 12:40:26.0980000 Information Authorization groupname: QlikView Administrators 18.11.2009 ?. 12:40:26.0980000 Information Initializing done
which I suppose is good, right? But in the users tab it doesn't list the users (there are already some users created) and also no one can access the access point or the server except the server administrator account. Questions:
1. Could you give instructions how to setup QV to work with Domino LDAP? More precise instructions for setting up security using custom users will be great, because personally I couldn't find anywhere in the community, blogs, google, etc. fine instructions. Moreover I saw some posts regarding security which were not answered at all which is very frustrating. Even a manual in the next versions how to set up security will be useful.
2. When we already have existing users should they be listed in the Users tab when using custom directory?
3. The log says "Webserver security set to: Ntlm". What is this, should and where it can be changed?
4. When we use custom users should the access be ONLY through the login page?
I think there will be more questions when we want to integrate some charts with our web applications but let's build the security first.
i could have got it backwards, but it sounds like you want to use the custom users provider to connect the DSC to domino ldap and manage you users there. this is not how the custom users provider works, instead it is an alternative user catalogue in itself. so you add users and groups in the QEMC gui (or in bulk with a tool called ldifimport available as a separate download). it won't connect to any other catalogue (e.g., domino ldap).
there is an API available for developing your own plugin to connect the DSC to any user catalogue, but this takes some time and C# development skills.
ntlm security is the authentication protocol used by the services when communicating with the DSC.
custom users requires that you always access through the login page, since no other way knows how to authenticate the user with the custom users provider.
in short, if you want to use domino ldap you need a DSC plugin (called a DSP), and a new login page that can authenticate with domino ldap. if you are only planning to use domino ldap for QV i would recommend going for a custom users solution which would save you the development. the downside being that you need to add your internal users as custom users too (you cannot combine custom users uathentication with for example active directory).