13 Replies Latest reply: Mar 7, 2017 2:41 PM by Hiren Jadiya RSS

    Windows Authentication Popup while accessing Qlikview

    Hiren Jadiya

      Hi,

       

      We are using qlikview document, which is integrated into a JAVA Portal. So we are having 2 main servers over here -

      1. Portal Server

      2. Qlikview Server (Where the .qvw document is deployed)

       

      Further, to inform that the single sign on is implemented using webticket.

       

      Now, generally when user login on Portal, he/she can able to access the Qlikview document. However, sometime the user gets Windows Authentication Popup. (5/100 times)

       

      Image 3.png

       

      On investigating the same we found that there is some issue with Cookies/Session. Please find the snapshot below. These snap-shots are taken from Client PC -

       

      Cookie Snap-shot for Portal Server

      Image 1.png

       

      Cookie Snap-shot for Qlikview Server

      Image 2.png

       

      When we delete the incorrect cookie (marked in RED) the user wont get the Authentication Popup. However, when the incorrect cookie is not deleted and the user logs out and logs in again the Authentication Pop-up comes up.

       

      I am not sure but what I believe is the incorrect cookie is set by calling QvAJAXZfc service (deployed on IIS on QlikView Server) from JAVA Portal.

       

      Questions:

      1. How can I avoid creation of incorrect cookie, OR

      2. Is there any settings that I have to make on QEMC Server.

        • Re: Windows Authentication Popup while accessing Qlikview
          Jeffrey Goldberg

          It's possible you have Windows Authentication turned on in IIS on the QvAjaxZfc virtual folder.  This is required if you are using windows authentication to authorize users to QlikView.  If you are using web ticketing or http header injection for authorization, set windows Authentication to disabled and anonymous to enabled.

           

          Here is a configuration document for IIS if using web ticketing or header injection.

          • Re: Windows Authentication Popup while accessing Qlikview
            Jeffrey Goldberg

            Hiren,

             

            Now that you have set everything for anonymous and you have whitelisted the ip, I'd start by testing with the sample aspx page I attached earlier.  You will need to change the ip address or hostname to obtain the webticket (QlikViewServerUrl variable) to your IIS server running Qlik web components.  If that works, then it's possible that your cookie deletion code is now removing the accesspoint session cookie you need to stay authorized.

             

            If you receive an error when using the attached aspx page, then there remains something amiss with the configuration.

             

            Do you mind sharing your webticket code?

              • Re: Windows Authentication Popup while accessing Qlikview
                Hiren Jadiya

                Hi Jeffrey,

                 

                I believe the web ticket code is running good. I was getting the Windows Authentication popup only 5/100 times, 95% its running good.

                 

                I don't mind sharing but I don't have ownership of same.

                 

                What I observed is, if the portal is remain idle of 10~15 mins then the Windows Authentication popup was coming (earlier), now the Failed to authenticate.

                  • Re: Windows Authentication Popup while accessing Qlikview
                    Jeffrey Goldberg

                    Is there content in the QlikView app or in the web page you are embedding Qlik content that may trigger windows auth?  The only other thing I can think of is you have set a session timeout and for whatever reason because of the windows auth settings in IIS it prompted you.

                     

                    I suspect the reason you are receiving an authenticate failure message is that you still have the equivalent lines of code in your web ticket request:

                     

                    client.PreAuthenticate = true;

                    client.Credentials = new NetworkCredential(ticketinguser,ticketingpassword);

                     

                    These lines are required if you are using windows authentication against the webticket code.  You will notice the sample, the instructions I provided, and the video all remove these lines because you are trusting the requesting IP in the config.xml.  The above lines are no longer required via the instructions I have provided.

                  • Re: Windows Authentication Popup while accessing Qlikview
                    Hiren Jadiya

                    Hi Jeffrey,

                     

                    I was able to extract the Webticket implementation from Portal Code. Please find below the pseudo code for same.

                     

                    Step: 1

                    Webticket = http://<QLIKVIEWSERVERNAME>/QvAjaxZfc/GetWebTicket.aspx?cmd=<Global method='GetWebTicket'><UserId>QLIKVIEW_USER</UserId></Global>

                     

                    Step: 2

                    Webticket = lcXb/KLvZ5trBTtwTxliVcqiZLCsPIKAcQFpSiwt

                     

                    Step: 3

                    http://<QLIKVIEWSERVERNAME>/QvAJAXZfc/Authenticate.aspx?type=html&webticket=lcXb/KLvZ5trBTtwTxliVcqiZLCsPIKAcQFpSiwt&try=/QvAJAXZfc/opendoc.htm?document=QLIKVIEWDOCUMENT.qvw&back=

                     

                    What I observed is, if the portal is remain idle of 10~15 mins then the Failed to authenticate Popup is coming and this happens when the 2nd AccessPointSession is created in Cookie under Qlikview Server.


                    Now, this 2nd AccessPointSession is created For QLIKVIEWSERVER. Is it possible to avoid creation of 2nd AccessPointSession?


                    Image 2.png

                      • Re: Windows Authentication Popup while accessing Qlikview

                        Hi,

                         

                        I too have similar issue but differnt context..  To solve my issue , I thought of restricting the accesspoint login screebn, but to do so, I want to know that,  " how to know if user has access to particular .qvw file on qlikview server using webticket?"

                         

                        As of now, I am using below url to open any report/document(.qvw file)..

                         

                        http://<Server>/QvAJAXZfc/Authenticate.aspx?type=html&webticket=<webticket>&try=http://<Server>/QvAJAXZfc/opendoc.htm?document=sample.qvw&host=<Host>@<Server>


                        All this, I am doing in Java based web application.


                        In nutshell, I want to know upfront that, if user has access to particular document using webticket before displaying the report.


                        Your ehlp is highly appreciable and indeed required for me.


                        Thanks,