0 Replies Latest reply: May 3, 2014 12:24 AM by Parag Naik RSS

    Steps for SSO- Webticket

    Parag Naik

      The Single Sign On in Qlikview through Web ticketing
      1. A login page to accept username
      2. If the page is standalone it might provide a form to enter a user id and password and validate them first
      3. QlikView is set up so that it trusts this login page to pass over validated users - For the same we have added the IP of the server in Web.config file 

      4. The login page now makes a request to QlikView which says “I have a user I Trust called FRED, can I have a ticket for him”- The login page need to bing  the URL & Username and send it to Qlikview server
      Below is the code which does this
      "private string getTicket(string user,string usergroups,string ticketinguser, string ticketingpassword)
               {

                  StringBuilder groups = new StringBuilder();
                   if (!string.IsNullOrWhiteSpace(usergroups))
                   {
                       groups.Append("<GroupList>");
                       foreach (string group in usergroups.Split(new char[] { ',' }))
                       {
                           groups.Append("<string>");
                           groups.Append(group);
                           groups.Append("</string>");
                       }
                       groups.Append("</GroupList>");
                       groups.Append("<GroupsIsNames>");
                       groups.Append("true");
                       groups.Append("</GroupsIsNames>");
                   }
                   string webTicketXml = string.Format("<Globalmethod=\"GetWebTicket\"><UserId>{0}</UserId></Global>", user);

                  HttpWebRequest client = (HttpWebRequest)WebRequest.Create(new Uri(Serverurl));
                   client.PreAuthenticate = true;
                   client.Method = "POST";
                   client.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;"
      5. QlikView returns a ticket to the login page which takes the form of a long string and internally records the user that is represented by that ticket-- Getwebticket is the aspx file which will generate ticket.
      6. The login page now builds a URL to the QlikView server address adding the ticket into the URL, the user is then redirected to that URL- This script to redirect the url to access point using Ticket. The script need to be written in .net portal login page

      " RedirectLink = " ../qvajaxzfc/authenticate.aspx?type=html&try= ../qvajaxzfc/opendoc.htm?document

      =" + document + "&back=/LoginPage.htm&webticket=" + ticket;"
      7. When the user hits the QlikView server, it extracts the ticket checks its list of approved tickets and if its valid, the user is then successfully logged into QlikView as FOO- This time the url which is passed will hit Authentication.aspx which will validate the ticket.
      8. The access is granted to the user since it's a dynamic call assignment the user will get 1 doc cal and the user can view the document.
      9. From security purpose A ticket once created it valid for 2 minutes, if it is not used in that time is destroyed
      10. Once a ticket is used to establish a session it cannot be used again.  Within that session a user can open several documents
      11. A web ticket can be used to open a single document or the QlikView Access Point -
      12. To use web tickets there are two area that need to be address The Code in your login page (.NetPage) and the Server Configuration (Qlikview)
      The configuration of QlikView:
      13. QlikView needs to be an Enterprise Edition License
      14. QlikView needs to be running in DMS mode for security
      15. All the applications needs to have Authorization set as "All Authenticated Users"
      16. The QlikView web site in IIS needs to be set up to use Anonymous permissions – it will be expecting windows permissions by default – specifically it is the QVAJAXZFC directory that needs its permission changing.
      17. QlikView needs to trust the code asking for the ticket.  There is a web page within the QlikView web server called GetWebTicket.aspx which handles requests for tickets, this will only return a ticket to a trusted user/process
      18. Changes in Config file to make the server ip from where the request is coming as trusted
      19. Save and restart the web server
      20. To validate if the settings are proper access Webticketcode.aspx , generate ticket and then click on link "here" you will be given the access to Access Point and One license will be allocated

       

       

      Is any step missing or need to be corrected please guide.