Qlik Community

Not applicable

Security in multi domain environment

Hi Community

I have a customer who is running QVS EE (version 10) which is installed on domain A. They have users on multiple domains - most on domain A (where QV is also installed), but also on domain B and domain C.

They have trust between the domains, so to grant users access across the domains, I have added the LDAPs in QEMC (under Directory Service Connector settings). They are using NTLM and the default login page.

Users on domain A are working perfectly - they are automatically granted access without problems. But users from domain B and C are prompted for username and password before they get access. This is not desirable for my customer, so I'm trying to change that.

Is it possible for users from all domains to get 'automatic' access - so not prompted for username/password? Or does QV only support 1 domain?

My customer is currently in the process of moving all users from domain A to domain B, so over time the problem will increase (until I move QV to domain B as well).

The documentation on this is pretty sketchy and I haven't been able to find the answers elsewhere.

Hope you can help.

Br,
Hasse Bæk Nielsen


Accepted Solutions
Not applicable

Re: Security in multi domain environment

Hi Richard

Yes - I got this working. But it turned out that the problem was most likely caused by some changes to the network configuration, so I am not sure my ‘solution’ will work for you.

I discovered that the users from domain B were using a different URL when accessing the QV AP; something like ‘http://QVServer.DomainA.internal/qlikview/index.htm’. And it was only when using this, the users were prompted for user name/password.

The regular users were using ‘http://QVServer/qlikview/index.htm’. When I had the users from domain B use the regular URL, they were not prompted.

I suspect that there is a good explanation for this, but unfortunately I never got to the bottom of why the access point URL was constructed like this in the first place and if some later network change caused the problems.

Thanks for all your help everybody – most appreciated.

Br,

Hasse

7 Replies
Employee

Re: Security in multi domain environment

I would think if that is happening there is an issue with the trusts.

Bill

Not applicable

Re: Security in multi domain environment

Hi Bill

Thank you - really appreciate your help.

Any ideas how I test if the trust is indeed the cause of this? The domains including the trust are managed by internal IT of the customer, so hard for me to debug.

Br,
Hasse

Employee

Re: Security in multi domain environment

Hi,

I may have read your issue wrong. After they input their user name and password do they get in? If so try adding the site to their trusted sites in IE?

Bill

Not applicable

Re: Security in multi domain environment

Hi Bill

Thanks again.

Yes, after typing username and password, they get in just fine.

I will try to fiddle with the IE security settings. Hope that will solve it.

Br,
Hasse

mov
Esteemed Contributor III

Re: Security in multi domain environment

Try to add it to trusted sites in IE security

richho_microp
New Contributor III

Re: Security in multi domain environment

Hi Hasse,

Did you ever get this working? I've tried adding the site to the trusted ones and it still doesn't seem to work?
