1 Reply Latest reply: Feb 24, 2015 10:46 AM by Louis Winter

    Qlik iPad App Errors After Authentication Model Changes

    Louis Winter

      We recently switched our authentication method from NTLM to Custom User (via WebTicket) with a Custom login page (SAML2 interface to external identity provider).  After making this change, the iPad app no longer works.  I get the custom login page and after authenticating I see the access point very briefly and then get an error ("Error downloading the document list").

       

      Many of our customers rely on the Qlik mobile app which now is no longer working.

       

      I can still authenticate to our Access Point via Safari and opening/using docs works just fine.  Also, access from desktop browsers (IE, Chrome, Firefox, etc.) all works correctly.

       

      The following entries are generated in the IIS log:

       

      2015-02-19 16:19:50 XX.XX.XX.XX POST /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY QlikView/2.0+(iPad;+iOS+8.1.1;+Scale/1.00) 302 0 0 1429 426 62

      2015-02-19 16:19:50 XX.XX.XX.XX GET /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Mobile/12B435 302 0 0 1445 339 78

      2015-02-19 16:20:28 XX.XX.XX.XX POST /Shibboleth.sso/SAML2/POST - 443 - YY.YY.YY.YY Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Mobile/12B435 200 0 0 533 11864 546

      2015-02-19 16:20:28 XX.XX.XX.XX POST /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY QlikView/2.0+(iPad;+iOS+8.1.1;+Scale/1.00) 302 0 0 1445 446 62

       

      Regarding the WebTicket setup, 127.0.0.1 (localhost) is the only IP set up as a <TrustedIP> in the WebServer\config.xml.

       

      Any ideas on how to resolve this?

        • Re: Qlik iPad App Errors After Authentication Model Changes
          Louis Winter

          More info - After doing some traces, I found that the Qlik app calls AccessPoint.aspx directly, bypassing the custom login page.  Since the custom login page isn't called, the code to generate the WebTicket is never executed.

           

          Does anybody know of a way to force the AccessPoint.aspx page to call the custom login page if the session isn't authenticated (logged in)?  Or any other suggestions?
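The trace described in the thread can be reproduced from the IIS log itself. The following is an added example, not part of the original posts or of Qlik's code: it groups requests by client IP and user agent and reports agents that were redirected from AccessPoint.aspx without ever posting to the SAML endpoint. The field order and all function names are assumptions inferred from the four log lines quoted above.

```python
from collections import defaultdict

# Assumed W3C field order; the post shows no #Fields header, so this is inferred.
FIELDS = ("date time s_ip method uri_stem uri_query s_port username c_ip "
          "user_agent status substatus win32_status sc_bytes cs_bytes time_taken").split()
ACCESS_POINT = "/QvAJAXZfc/AccessPoint.aspx"
SAML_ACS = "/Shibboleth.sso/SAML2/POST"

# Sample input: the four entries quoted in the post, addresses masked as there.
SAMPLE_LOG = """\
2015-02-19 16:19:50 XX.XX.XX.XX POST /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY QlikView/2.0+(iPad;+iOS+8.1.1;+Scale/1.00) 302 0 0 1429 426 62
2015-02-19 16:19:50 XX.XX.XX.XX GET /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Mobile/12B435 302 0 0 1445 339 78
2015-02-19 16:20:28 XX.XX.XX.XX POST /Shibboleth.sso/SAML2/POST - 443 - YY.YY.YY.YY Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Mobile/12B435 200 0 0 533 11864 546
2015-02-19 16:20:28 XX.XX.XX.XX POST /QvAJAXZfc/AccessPoint.aspx mark= 443 - YY.YY.YY.YY QlikView/2.0+(iPad;+iOS+8.1.1;+Scale/1.00) 302 0 0 1445 446 62
"""

def parse_line(line):
    """Return one log line as a dict, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()  # IIS encodes spaces in the user agent as '+'
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def summarize(log_text):
    """Count AccessPoint 302 redirects and successful SAML POSTs per (client IP, user agent)."""
    stats = defaultdict(lambda: {"ap_redirects": 0, "saml_posts": 0})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["c_ip"], rec["user_agent"])
        if rec["uri_stem"] == ACCESS_POINT and rec["status"] == "302":
            stats[key]["ap_redirects"] += 1
        elif (rec["uri_stem"], rec["method"], rec["status"]) == (SAML_ACS, "POST", "200"):
            stats[key]["saml_posts"] += 1
    return dict(stats)

def clients_without_saml(log_text):
    """User agents redirected from AccessPoint.aspx that never posted a SAML response."""
    return sorted(ua for (_ip, ua), s in summarize(log_text).items()
                  if s["ap_redirects"] and not s["saml_posts"])

if __name__ == "__main__":
    for ua in clients_without_saml(SAMPLE_LOG):
        print("redirected without SAML login:", ua)
```
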