Qlik Community

Not applicable

Qlikview - generating webtickets. Any way of locking this down?

Hi,

I've just set up QlikView Server 11.2 SR1 and am looking at integrating the WebTicket system with our current SAML authentication code in our application portal.

Is there any way to modify the QV configuration so that access to GetWebTicket.aspx is restricted?

Currently, any user authenticated on the domain can fire up a browser, and hit /qvajaxzfc/getwebticket.aspx?cmd=<Global method="GetWebTicket"><UserId>domain\user</UserId></Global> and get a web ticket through the return XML with any domain\user value. Then use this ticket with authenticate.aspx to login to the system as said user.

The reason I'm keen to restrict this is because not all users on our QV Server should get access to certain .qvw models.

Many thanks.

GG

3 Replies
MVP

Re: Qlikview - generating webtickets. Any way of locking this down?

Hi,

The ticket should just authenticate the user to the portal. Then in the Distribution task you can specify the authorized users to open that document in the Publisher task itself, and using section access too. If the user is authenticated but not authorized, he will not see the document, and therefore will not be able to open it.

There is a third way: going to the QMC and manually setting which groups are able to see which documents. Again, even when the user has a ticket, i.e. has been properly authenticated, he will not be able to open a document he is not authorized to.

Hope that helps.

Miguel

danielrozental
Honored Contributor II

Re: Qlikview - generating webtickets. Any way of locking this down?

Only QlikView administrators should be able to request tickets. Are you sure you've not included the group users in the QlikView administrators group?

Not applicable

Re: Qlikview - generating webtickets. Any way of locking this down?

Ahh okay, I didn't realise that only QV Admins were allowed to request tickets. I'll test this and see with a normal user (my NTLM login is part of the QlikViewAdministrators group).
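
A defender-side check for the ticket request described in the first post, added here as an example and not part of the original thread: it scans web server logs for GetWebTicket.aspx requests made by accounts outside an allow-list and reports which identity each ticket was requested for. It assumes IIS W3C logs with the fields shown and that the request arrives as a GET with `cmd` in the query string, as in the post; the account names and log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Assumption: accounts expected to request tickets (e.g. the portal's service account).
TICKET_REQUESTERS = {r"corp\svc_portal"}

# Constructed IIS W3C log lines for illustration, not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2013-03-01 09:14:02 GET /qvajaxzfc/getwebticket.aspx cmd=%3CGlobal+method%3D%22GetWebTicket%22%3E%3CUserId%3Ecorp%5Calice%3C%2FUserId%3E%3C%2FGlobal%3E corp\\svc_portal 10.0.0.5 200
2013-03-01 09:20:47 GET /qvajaxzfc/getwebticket.aspx cmd=%3CGlobal+method%3D%22GetWebTicket%22%3E%3CUserId%3Ecorp%5Ccfo%3C%2FUserId%3E%3C%2FGlobal%3E corp\\bob 10.0.0.77 200
2013-03-01 09:21:10 GET /qvajaxzfc/opendoc.htm document=sales.qvw corp\\bob 10.0.0.77 200
2013-03-01 09:25:33 GET /QvAJAXZfc/GetWebTicket.aspx cmd=%3CGlobal+method%3D%22GetWebTicket%22%3E%3CUserId%3Ecorp%5Ccarol%3C%2FUserId%3E%3C%2FGlobal%3E corp\\carol 10.0.0.80 401
"""

USER_ID = re.compile(r"<UserId>(.*?)</UserId>", re.IGNORECASE | re.DOTALL)


def find_ticket_requests(log_text, allowed=TICKET_REQUESTERS):
    """Return GetWebTicket requests made by accounts outside the allow-list."""
    allowed = {a.lower() for a in allowed}
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().endswith("/getwebticket.aspx"):
            continue
        caller = row.get("cs-username", "-")
        if caller.lower() in allowed:
            continue
        match = USER_ID.search(unquote_plus(row.get("cs-uri-query", "")))
        requested = match.group(1) if match else None
        findings.append({
            "time": f'{row.get("date")} {row.get("time")}',
            "caller": caller,
            "requested_user": requested,
            # True when the ticket was requested for an identity other than the caller.
            "other_identity": bool(requested) and requested.lower() != caller.lower(),
            "status": row.get("sc-status"),
            "client": row.get("c-ip"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_ticket_requests(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 and `other_identity` set is the case worth following up first, since it means a ticket was issued to one account in another account's name.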
