I have Qlikview Server 9 installed and using IIS as the web server instead of the default QVWS. in order for qlikview to work, i need to enable windows integrated authentication and disable anonymous access.
however, this would mean i would need to enter a password everytime I wanted to access qlikview from outside the server box. is there a way to somehow let qlikview accept authentication tokens from windows so that if i log in as a user on an active directory that has access to qlikview, qlikview will automatically extract the user information and give me access without me having to type a username and password again.
Thanks in advance for any insight,
Yes. A local user should have been created with installation it is called IQVS_[machinename] . If you give this user access (in ntfs) to your qvw folder or direct access to the qvws you would like to show on AccessPoint then you can set the security in the QMC >User Documents >Authorization to Always anonymous. Click on the green plus sign and the option will be available there. If you are allowing anonymous in IIS this should work.
Hope this helps!
Thanks for your reply Karl. Unfortunately, it doesnt seem to work. The only way that Authorization options will even show up in the User Documents settings is if Qlikview is set to DMS authorization. But once I do this, wouldn't Qlikview just control file authorization directly and not even check the ntfs settings?
In any case, i tried it with setting only Anonymous access in IIS and I would always immediately get the "You are not authorized to see this page" error when I tried to access the AccessPoint page in a browser.
However, if I give the Virtual directory Qlikview integrated windows authentication, I dont get that page, but when accesspoint opens up, only the header picture is shown, nothing else. In Internet Explorer, it reports there is an error on the page on the botton left corner and clicking on the details says something about "Qva is undefined"
Is there something I'm missing?
I got the same through NTNAME section access.And it works for me.
You can check the same if it helps you.
The script is as below,
'USER' as ACCESS,
DOMAINNAME AS NTNAME,SCEN
Load SCEN Resident USERINFO;
Here my domain name and access info is coming from the database, so which all users NTNAME is mentioned in the database, they only can open the file.
And when the allowed user tries to open the file its not asking him the userid and password again, as the same is fetched from the windows NT login.
Hope it may help you.
I put all zerofoot print in a password protected folder , and front page before user logons shows a image located in this protected folder , thus forcing user to logon , if logon picture is green if not its red. then user need never logon agagain as im using ntusername.
Thanks for the reply Mahasweta,
I'm looking for something more along the lines of just having a group have permissions to Qlikview, and specifically how many users or who the users are in the group isn't important. Therefore, I don't have a database with all the user info as it would mean someone who have to keep track of new users being added and older users leaving. However, I'm trying to get it so that all user within that group will automatically have their credentials taken by Qlikview without having to enter in a username and password each time. Can section access be set to allow all users of a group and then check if users that try to access the QVW are members of that group?
You can create a group and then add users into the group within user management of IIS.
You then simply call NT Group name instead of the NT Username within the section access.
im sorry i mixed and matched here. The Authorization to Always anonymous in the User Documents is for DMS only.
Assuming your Directory Service Connector is set to you Active Directory adding the IQVS_[machinename] user to the NTFS permissions of your document folder should allow anonymous access. Be sure to check the settings of your System >Setup >QlikView Web Services ?AccessPoint ta as well for Authentication. Setting to Never is anonymous for AccessPoint...
But reading further into this thread that is not exactly what you want to do, is it?
Sorry for the confusion.
Can you clarify what your directory service resource is, i.e. dms, local, domain, custom... As there are a few ways to get this working.