Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
Not applicable

Problem with AccessPoint login page

Hi,

We have QlikView Server 9 SR2 and we want to use the AccessPoint's default login page, but it seems not to be working. Can somebody explain step-by-step configuration for users authentication via the default login.htm?

This is how our configuration looks like and let's say we use "NTFS Authorization (Windows controls file access)":

error loading image

17 Replies
lhr
Contributor III

Problem with AccessPoint login page

hello,

login.htm is supposed to be used if you utilize custom-users, which in turn is designed to be used with DMS-mode. it doesn't work in NTFS mode.

why do you want to use the login page and not the default authentication?

cheers,

lars

Not applicable

Problem with AccessPoint login page

Hi,

Thanks for the quick answer.

Indeed we want to use the login.htm with DMS mode and we just tryed it with NTFS. It is good to know it doesn't work with NTFS.

Could you explain what exactly we should do in order it goes? Is it only we specify the DMS mode and the AD, or we should also set the "User name header" field? What is that field for?

lhr
Contributor III

Problem with AccessPoint login page

the login.htm page is designed for custom users (which can be set up on the DSC) and if you choose to use it the AD is not involved in authentication / authorization in any way.

user name header is used if authentication is handled by some 3rd party system that adds credentials to the http-headers, i.e., it doesn't apply if you use the login.htm page.

why do you want to use the login.htm if you have an AD?

cheers,

lars

Not applicable

Problem with AccessPoint login page

Hi,

We tried to connect the server with our AD, but we are experincing some problems.

Our settings are:

And no one can access the AccessPoint except the local administrator of the machine the server resides. Do you have any idea why is that happening?

I tried also to set it up as a Custom Directory in order to have the login page (there is no particular reason we want to use the login page, except when we use it there is log off button in the AccessPoint) it didn't work.

Could you please explain in details or give example for a successful security setting? Are there any materials that explain how to set up security? I read most of the topics in the manual but i couldn't figure it out Smiley Sad

lhr
Contributor III

Problem with AccessPoint login page

when you say you can't access the accesspoint do you mean you get a http-error on the url or that you can't see any documents when you get there?

if you can't get to the url it could be a firewall issue.

Not applicable

Problem with AccessPoint login page

I meant that when I get there it didn't accept my credentials if they were not the local administrator. But the problem was that the machine wasn't at the same domain as the access directory.

And if I want to use DMS Authorization with Custom Users in order to use the login page for access (for example for external users) what are the steps to set up this architecture?

lhr
Contributor III

Problem with AccessPoint login page

basically you need to:

* set the QVS in DMS mode

* set permissions on you documents in the DMS, either manually or by running your distribution tasks

* setup a custom user provider on the DSC

* add custom users, either manually, or using the the ldifimport tool available as a separate download.

cheers,

lars

Not applicable

Problem with AccessPoint login page

Hi Lars,

I've already read these instructions in the manual. The part "* setup a custom user provider on the DSC" is the most unclear one. Let me try to explain how far we've come for almost a week, what we decided our architecture should be and what issues we faced. First we wanted to connect the server with our AD. You explained that the login page works only with custom users which in fact was the answer maybe for this topic. We faced that if the server is not in the same domain as the AD it simply won't work. So we moved it and evrything worked fine with NTFS mode set for security and Active Directory for Directory Service Connector. Everyone could access the files through the access point, which was fine.

Now we want to represent some files to our clients. But we don't want to use the anonymous account because there are files for one client and files for another client. We don't want also to make new records in this AD or new users or user groups in the OS itself. So we think for the custom directory for Directory Service Connector (with or without login page doesn't matter in order it just go). We want to setup QVS to work with Domino LDAP. And when we set it up in the log file says:

18.11.2009 ?. 12:40:26.0980000 Information (CustomDirectory.CustomDirectoryServiceProvider) setting CU-Port to <389>
18.11.2009 ?. 12:40:26.0980000 Information Initializing
18.11.2009 ?. 12:40:26.0980000 Information Starting webservice at port 389
18.11.2009 ?. 12:40:26.0980000 Information Initializing system webserver
18.11.2009 ?. 12:40:26.0980000 Information Webserver security set to: Ntlm
18.11.2009 ?. 12:40:26.0980000 Information Authorization groupname: QlikView Administrators
18.11.2009 ?. 12:40:26.0980000 Information Initializing done

which I suppose is good, right? But in the users tab it doesn't list the users (there are already some users created) and also no one can access the access point or the server except the server administrator account. Questions:

1. Could you give instructions how to setup QV to work with Domino LDAP? More precise instructions for setting up security using custom users will be great, because personally I couldn't find anywhere in the community, blogs, google, etc. fine instructions. Moreover I saw some posts regarding security which were not answered at all which is very frustrating. Even a manual in the next versions how to set up security will be useful.

2. When we already have existing users should they be listed in the Users tab when using custom directory?

3. The log says "Webserver security set to: Ntlm". What is this, should and where it can be changed?

4. When we use custom users should the access be ONLY through the login page?

I think there will be more questions when we want to integrate some charts with our web applications but let's build the security first.

Thanks in advance,

Svetlin.

lhr
Contributor III

Problem with AccessPoint login page

i could have got it backwards, but it sounds like you want to use the custom users provider to connect the DSC to domino ldap and manage you users there. this is not how the custom users provider works, instead it is an alternative user catalogue in itself. so you add users and groups in the QEMC gui (or in bulk with a tool called ldifimport available as a separate download). it won't connect to any other catalogue (e.g., domino ldap).

there is an API available for developing your own plugin to connect the DSC to any user catalogue, but this takes some time and C# development skills.

ntlm security is the authentication protocol used by the services when communicating with the DSC.

custom users requires that you always access through the login page, since no other way knows how to authenticate the user with the custom users provider.

in short, if you want to use domino ldap you need a DSC plugin (called a DSP), and a new login page that can authenticate with domino ldap. if you are only planning to use domino ldap for QV i would recommend going for a custom users solution which would save you the development. the downside being that you need to add your internal users as custom users too (you cannot combine custom users uathentication with for example active directory).

cheers,

lars

Community Browser