Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

ashokamp
New Contributor

Qlikview Server Setup (Authenticate/Authorize)

Hi,

need your help in setting up a environment for Qlik dashboards users.

Current Setup:

Internal Users in the LDAP are able to access the dashboard through internet.

They are logging in through a portal and Authentication is setup at Header  (IBM Web seal SSO)  in QlikView server . Users can able to access the dashboards without any hassle.

Authentication is through Header (SSO)

Authorization is NTFS (LDAP)


Scenario:

Now the requirement is as follows:

External users who are not part of the (LDAP network ) to be provided access to the dashboard.

Could you please help us in the new requirement .


Thanks

Ashok J

7 Replies
gregortvw
New Contributor III

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi,

I've made a similar setup with IBM TAM previously.

User authenticates on TAM, it gives some header to QVWS, Header-Authentification is turned on.

You have to provide some access to WebSeal, so the user can come past TAM to the particular Access Point.

So I would say, the easiest way to solve your problem is to add external users to LDAP.

Maybe you can use a special group that has less permissions on systems, but also authorized to access your junction

Regards,

Gregor

ashokamp
New Contributor

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi Gregor,

Thanks for your suggestion for adding External users to LDAP.

if we cannot add it to the existing LDAP is there any way possible?

OR

Suppose if External users are in a particular LDAP, can we configure this LDAP in parallel to the existing LDAP..

Can Qlikview DSC work with Two LDAPS? Whether it will search for users from two LDAPS while authetication?

Thanks

Ashok

gregortvw
New Contributor III

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi Ashok,

DSC supports multiple connections for each protocol, also you can use a custom directory for authenticating on QV. Your problem could be to enter multiple LDAP groups in junction configuration.

Regards,

Gregor

ashokamp
New Contributor

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi Gregor,

Thank you .  My question is If I add custom directory for External Users to the current setup, then the external users will need to be provided Qlik Passwords and the SSO will not be applicable for them?

The existing users can access the dashboards with SSO as their names are from LDAP?

Can you please clarify .

Thanks

Ashok

Employee
Employee

Re: Qlikview Server Setup (Authenticate/Authorize)

HI,

If you are using Header and SSO  you will either have to add another Webserver and use custom users or add them to the new Webservers local directory.

Bill

gregortvw
New Contributor III

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi Ashok,

if you use a custom directory for your external users, you have to provide them a password. Also it could be a problem for TAM to get the ACL, because you're using a local ACL, only QVS know about. If you don't change anything on the existing setup (keep LDAP authentication on WebSeal, and Header Authentication on QVWS) existing users won't experience any changes.

In my particular setup we used an LDAP group to authenticate on junction, AD groups to manage access rights to particular apps and again (other) LDAP groups to manage section access within the app. Yes, a bit complicated, but it was a policy of our IT-Sec guys.

Regards,

Gregor

ashokamp
New Contributor

Re: Qlikview Server Setup (Authenticate/Authorize)

Hi Bill/Gregor thank you for your suggestions.

Hi Bill,

If i use two webserver can you please clarify on the below point.

1. Two webservers will be in different mahines ( one for each server).?

2. Two Webservers are configured to single QV server. So only one accesspoint. right?

Thanks

Ashok Kumar J

Community Browser