Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

millnet-maho
New Contributor II

qvs://... could not be opened by IE plugin; "Session stop reason: can't secure" with header authentication

QVS 11.20R5 and matching IE plugin; IIS 7.0; IE 11.

Opening a document with the IE plugin from QV AccessPoint yields (after a while) the generic "qvp://full.domain.name/document.qvw?iis_authenticate=ABCDABCD...&tunneler=https://full.domain.name/Scripts/QVStunnel.dll?host=hostname could not be opened" kind of error message.

The plugin leaves a hint in the IIS log in the form of the query string "host=hostname+Unable+to+receive+length+from+localhost:4774+(0!=4)+{0}" and the QVS event log says "Ticket created: Ticket (ABCDABCD...)" (matching the iis_athenticate parameter) followed by "Session stop reason: can't secure".

What's special about this setup is that we're using "header" as authentication type with a custom header name; there's no user directory available (we're using federated authentication with Shibboleth and ADFS). Authorization is set to DMS. I tested adding a custom directory, containing my username, to no avail.

Port 4747 is not open and we'd rather keep it that way; /Scripts/QVStunnel.dll?test tells me that the tunnel dll is functional. AjaxZfc works.

Is there any technical documentation available as to how this iis_authenticate token works and what "cant't secure" might mean? I'm assuming that the token identifies and authenticates the user and that no further authentication takes place. Right? Could the problem be TLS related?

Bonus question: I thought the point of "Always tunnel" was to tell AccessPoint to tell the plugin not to try port 4747, but it does anyway. What is the point then?

4 Replies
Not applicable

Re: qvs://... could not be opened by IE plugin; "Session stop reason: can't secure" with header authentication

Hi everyone.

Today, i pass the same problem.

So, i can resolved desable the security in the internet option, the Internet and Local Intranet.

Is my tip.

Hugs.

Employee
Employee

Re: qvs://... could not be opened by IE plugin; "Session stop reason: can't secure" with header authentication

Hi,

If you are going to block port 4747, it has to tunnel. I would use the attached document to make sure you have correctly setup tunneling.

Bill

Highlighted
Not applicable

Re: qvs://... could not be opened by IE plugin; "Session stop reason: can't secure" with header authentication

Hi Bill,

no problem with port 4747. This case is only one user, using IE 11. In other computer using IE10, the same user don´t have problem with qvw.

So, i disable the security the IE and problem is solved.

You understand?

Hugs.

anantmaxx
Contributor III

Re: qvs://... could not be opened by IE plugin; "Session stop reason: can't secure" with header authentication

Hi Paulo,

What is the exact steps you did in Security setting in IE browser,

actually my problem is same you resolved all the other user can access dashboard but one

particular user is having this IIS authenticate /tunnel  problem.

Can you please let me know exact steps to disable security in browser of IE 11

Thanks

Anant

Community Browser