QlikView provides a range of features to allow users to login and view documents using Single Sign On with a range of different technologies. A high level document detailing all of the various security options in QlikView can be found here this article covers the “Web Ticketing” approach and provides an example to get started from.
This document is intended for QlikView professionals and requires some understanding of security technologies and a small amount of programming and web technologies.
So what is a Web Ticket and when would I use one?
At a high level a QlikView Ticket is a way to seamlessly transfer the identity of a user from one system into QlikView. This however can be useful approach in a number of scenarios so lets look at where you could use it.
Please note: Web Ticket was added to QlikView in version 11, an older version of a similar method was available prior to this but carried a number of limitations. From this point forward we will focus on QlikView 11 and Web Ticket.
Scenario 1 – im already logged into a portal or website and now want to use QlikView
Let’s say you are logged into your company’s in-house built sales portal, when you logged in your gave this portal your user ID and password and the portal checked these against a database to be validated. Once logged in it creates a session for you and lets you look at all the pages you are permitted to. This application now trusts who you are.
Now your company has added QlikView and they want users to be able to navigate between content on the portal server and content on the QlikView server but they want it to be seamless and you shouldn’t need to log in again, only the applications know nothing about each other and QlikView doesnt know about the database with user IDs in.
QlikView needs a way to trust the users session from portal when being passed over. Using a the QlikView web ticket mechanism it is possible to set up a hand shake between the portal and QlikView so the portal can securely transfer a users session over. QlikView has established a trust between itself and the Portal application to be able to identify the user when they browse to QlikView content.
Scenario 2 – QlikView used in isolation, users stored in a database or LDAP
Lets assume we have list of user IDs and passwords held in a database or LDAP directory. QlikView doesn’t provide a “custom” login page that can handle the authentication of these users.
In this scenario a login page can be build which handles the user authentication part and then uses the Web Ticket mechanism to pass that user identitity into QlikView. In this case QlikView has still set up a Trust with an application, as in the above case, only here that application is just a single web page.
There are a range of other scenarios where this approach could be used such as those listed below. Of course there is more than one way of achieving security integration and using Web Ticket is just one method of achieving them:
How does Web Ticket work
Below are the steps that typically occur when using ticketing, sometimes there can be more or less steps depending on the scenario.
A couple of notes on web tickets
How to implement Security using Web Tickets
To use web tickets there are two area that need to be address The Code in your login page and the Server Configuration.
The configuration of QlikView:
The Code & Example:
The function to request a ticket is a fairly simple HTTP post command which returns a ticket as a string, this method can be used by a wide range of technologies. The examples provided here use asp.net but it can easily be adapted for PHP, Java and others.
In its raw form the HTTP Post entry to the getwebticket.aspx page on the QlikView server looks like this:
The response containing the ticket should look like this: <Global><_retval_>ABC123XYZ567FGH456</_retval_></Global>
The above raw commands need to be embedded into the code for the login form, the attached example is intended to be a basic demonstration of how to use these commands using asp.net. The example provides no actual logic to authenticate the user against anything but provides the framework to add it in. The example takes the form of a simple login page asking for a user ID, password and optional groups, for cases where you already have the identity of the user then the UI from the example could be removed to give a seamless login from one system to another.
The first part of the example is the login form, this is just a simple form with three boxes.
Once the login button is clicked there is a Login function that is called. This function in the example does nothing and always says the user is valid: here you would need to provide code to suit your environment, the example just trusts the entry automatically.
loginOK = ValidateUser(username, password);
Following user validation the next function makes the HTTP post to request a web ticket. The code requires the input of the URL of the QlikView server and in this case embeds a userid and password which has permissions to ask for a ticket (see notes on setting up QV trusts).
ticket = getTicket(username, groups, ticketinguser, ticketingpassword);
Once the ticket irs retuned a URL is build and the user is redirected to either the access point or to a single document.
You should now be redirected to the QlikView AccessPoint and be logged in at the user specified in the form and see the documents that user is permitted to see.
This is a basic example of how to using the web ticket function. I have written comments into the code example so that you may be able to follow through what is happening. I have also left the example as a single aspx file so you can edit it and use it with Notepad rather than visual studio.
I hope it is helpful in building you own login pages to QlikView using Web Ticket!!