Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

Not applicable

QV Web Server: User Authentication against Active Directory issues

I'm new to QlikVew and have been trying to find solution in authenticating users in QV Web Server for days.

Here is our setup:

1.We have installed QV Server (QV Web Server, not IIS) in machine A which is part of domain A, and we want to authenticate users (Windows users) who are part of domain B (corporate domain) via Active Directory.

2. Neither machine A nor domain A is part of domain B (no joining)

We use QV Small business edition.

My question is how can I configure QVS to support the user authentication thru LDAP? I read couple discussions, it seems like the only option is to build my own SSO authentication against LDAP and pass header to QVS. Is there any simple option out of the box from QVS? I want to avoid building authentication unless it's really needed.

Any helps are appreciated. Thanks.

Tags (2)
Labels (1)
9 Replies
Employee
Employee

Re: QV Web Server: User Authentication against Active Directory issues

Hi,

You will have to setup a trust between the Domains. QlikView doesn't do authentication, Windows does that. QlikView only does authorization.

Bill

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Thanks Bill. If, due to security reasons, trusts between domains can't be established, is there any other option? It looks like I can use a custom authentication to authenticate user thru LDAP against AD. Now the problem is QVS authorization, I just learned QV SBE won't suppport DMS, only NTFS. I wish we know this early. Now, what'll be my options? Any advice? Thanks.

CL

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Hi Ng,

     Need to have more information from you as per below:

     - Does Domain A and Domain B is having same network segment ?

     - what is the service account that you used to start the QV services ?

Regards,

Kho

Employee
Employee

Re: QV Web Server: User Authentication against Active Directory issues

Hi,

You would have to right some type of SSO page and do the authentication with that and pass the Header information to QVS.

Bill

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Hi Bill/Lien, appreciate your helps as I'm planning a production deployment with IT.

Lien,

Here are the answers to your questions.

     - Does Domain A and Domain B is having same network segment ?

No, different segment. They're at two different regional data center.

     - what is the service account that you used to start the QV services ?

I setup a local QVAdmin account under Administrators group to run QV services.

Bill,

Yes, I wrote SSO and was able to authenticate AD users without any issues thru LDAP. The issue now is user authorization. Because QV SBE doesn't support DMS, I am unable to manage user access unless I add user to the local server since SBE only supports NTSF mode. Any suggestions?

Thanks.

CL

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Hi Ng,

     the user access authorization you mentioned is the access level of particular QV App?

Regards,

Kho

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Kho, Yes, I meant user access to the QV document in QVS.

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Hi Ng,

     We achieve it by using Ecxel with AccessControl and ApplicationControl in QVW.

Regards,

Kho

Not applicable

Re: QV Web Server: User Authentication against Active Directory issues

Hi Ng,

     Please find below example on how we achieve it by using AccessControl in Excel file:

Section Access;
Access:
LOAD ACCESS,
     USERID,
     PASSWORD,
     NTNAME,
     GROUP,
     TABGROUP
FROM
[..\ExternalFiles\Security.xlsx]
(ooxml, embedded labels, table is AccessControl);

/Section Application;
Section_Application:
LOAD GROUP,
     AreaCode
FROM
[..\ExternalFiles\Security.xlsx]
(ooxml, embedded labels, table is ApplicationControl);

     The first part of example is to define which user have authority to access the particular App and the second part of the example is to control the authorized user to particular "area code" selection.

     Therefore, while the authorized user login to the said App, he or she can only select the area code that I defined in security.xlsx.

     Hoped it give some ideal for your Apps.

Regards,

Kho

Community Browser