If you need more security than IP addresses you coud use certificates (introduced in QV11).
In my case the webserver and QVS are on the same box so I guess I could just use 127.0.0.1, I wonder if that is the default value, I have to test that.
In the last sentence the document states
All solutions above are seen as good practice and should, if possible, be used instead of GetTicket
(as used in versions prior to QlikView 11).
So I guess the question is not "if" but "when".
Well, I've been doing a couple of tests with the Trusted IP settings and can't seem to be able to get it to work, no matter what I write in as a Trusted IP address I'm still able to request webtickets from any pc.
I'm not becoming a fan of the new webtickets, I guess IIS and windows authentication would still work.
i've tried to implement SSO with QV11 webticket.
No success so far.
I can get the ticket and when i fire the following URL
but my browser (IE, Firefox, Chrome,...) still ask me for loging in...
Do you have any idea on what's going wrong ?
How did you make it work?
Could you please share your settings
(qvs, qvws, iis,...)
Have you made any change to the config.xml or web.config files ?
Thanks a lot
Small update: I'm no longer concerned about the IP spoofing since I found out with implementation that WebTickets has a more complex security. You can have the IIS virtual application running under the QlikView Admin application pool OR if you're running the SSO website from a non-Windows machine (e.g. Apache web server) then you can specify the IP in IPV6 format (which is not so easy to spoof I think).
Regarding the other questions, I've never been able to get ticketing to work when QlikView web server is IIS and not QVWS. I usually install QVWS and run the ticketing website simultaneously in IIS. Since QVWS really is based on IIS, they don't conflict with each other. I create an application pool in IIS manually to run under the QV Admin account and set the SSO website to run under that pool. Bada bing, bada boom.
Thank for the udate Vlad.
I've also run into a couple other issues related to using ticketing as an authentication system, you're unable to manually assign named CALs unless you have a DSC in place (this has been accepted as a bug), leased licenses gets lost after you open QlikView again (this was a bug in QV9, corrected, now present again in QV10).
Ralph, dropbox link still works https://www.dropbox.com/s/fnnxfafpyuiiztk/Customized%20authentication%20v1.0.zip