Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

QV Web Server: User Authentication against Active Directory issues

I'm new to QlikVew and have been trying to find solution in authenticating users in QV Web Server for days.

Here is our setup:

1.We have installed QV Server (QV Web Server, not IIS) in machine A which is part of domain A, and we want to authenticate users (Windows users) who are part of domain B (corporate domain) via Active Directory.

2. Neither machine A nor domain A is part of domain B (no joining)

We use QV Small business edition.

My question is how can I configure QVS to support the user authentication thru LDAP? I read couple discussions, it seems like the only option is to build my own SSO authentication against LDAP and pass header to QVS. Is there any simple option out of the box from QVS? I want to avoid building authentication unless it's really needed.

Any helps are appreciated. Thanks.

Labels (1)
9 Replies
Bill_Britt
Former Employee
Former Employee

Hi,

You will have to setup a trust between the Domains. QlikView doesn't do authentication, Windows does that. QlikView only does authorization.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Thanks Bill. If, due to security reasons, trusts between domains can't be established, is there any other option? It looks like I can use a custom authentication to authenticate user thru LDAP against AD. Now the problem is QVS authorization, I just learned QV SBE won't suppport DMS, only NTFS. I wish we know this early. Now, what'll be my options? Any advice? Thanks.

CL

Not applicable
Author

Hi Ng,

     Need to have more information from you as per below:

     - Does Domain A and Domain B is having same network segment ?

     - what is the service account that you used to start the QV services ?

Regards,

Kho

Bill_Britt
Former Employee
Former Employee

Hi,

You would have to right some type of SSO page and do the authentication with that and pass the Header information to QVS.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Hi Bill/Lien, appreciate your helps as I'm planning a production deployment with IT.

Lien,

Here are the answers to your questions.

     - Does Domain A and Domain B is having same network segment ?

No, different segment. They're at two different regional data center.

     - what is the service account that you used to start the QV services ?

I setup a local QVAdmin account under Administrators group to run QV services.

Bill,

Yes, I wrote SSO and was able to authenticate AD users without any issues thru LDAP. The issue now is user authorization. Because QV SBE doesn't support DMS, I am unable to manage user access unless I add user to the local server since SBE only supports NTSF mode. Any suggestions?

Thanks.

CL

Not applicable
Author

Hi Ng,

     the user access authorization you mentioned is the access level of particular QV App?

Regards,

Kho

Not applicable
Author

Kho, Yes, I meant user access to the QV document in QVS.

Not applicable
Author

Hi Ng,

     We achieve it by using Ecxel with AccessControl and ApplicationControl in QVW.

Regards,

Kho

Not applicable
Author

Hi Ng,

     Please find below example on how we achieve it by using AccessControl in Excel file:

Section Access;
Access:
LOAD ACCESS,
     USERID,
     PASSWORD,
     NTNAME,
     GROUP,
     TABGROUP
FROM
[..\ExternalFiles\Security.xlsx]
(ooxml, embedded labels, table is AccessControl);

/Section Application;
Section_Application:
LOAD GROUP,
     AreaCode
FROM
[..\ExternalFiles\Security.xlsx]
(ooxml, embedded labels, table is ApplicationControl);

     The first part of example is to define which user have authority to access the particular App and the second part of the example is to control the authorized user to particular "area code" selection.

     Therefore, while the authorized user login to the said App, he or she can only select the area code that I defined in security.xlsx.

     Hoped it give some ideal for your Apps.

Regards,

Kho