1 Reply Latest reply: Jun 17, 2015 9:43 AM by P Brun RSS

    Issue when configuring web server alternate login page (web form)

      Hi all,

       

      I am facing an issue when trying to configure the alternate login page (web form) for my IIS web server.

       

      I have IIS running on one server, Qlik Server/Management console on another.  Initially I configured IIS on my web-server using the default (browser) windows authentication.  This worked fine and users were able to access the system no problem, so i know that the communication between the servers is working successfully.

       

      Now i would like to use the Alternate login page (web form) to handle the user login (as opposed to the standard windows login via a pop-up in the browser).  I have enabled this option in the management console, and adjusted IIS on my web server to disable windows authentication for the Qlikview and QVAjaxZfc folders (anonymous authentication is enabled for both these folders).

       

      The formlogin.htm page is now displayed as expected when i navigate to the access point and i am prompted for credentials.  I entered my credentials into the login page and was able to login successfully.  It appeared at this stage that all was working successfully.

       

      However, when i asked some of my team members to test this functionality out for me, they reported that they are now unable to progress beyond the formlogin page (they could log in without any problems in the original configuration using the default login via the browser pop-up).  When they enter their credentials into the formlogin page, it simply refreshes back to the empty formlogin page and they do not progress to see their apps.

       

      The only difference between these users who are unable to access the system and my own user ID (which can log in no problem) is that i have admin rights on the server and the other users do not.

       

      To test this - i created a new test user with the same access rights as my team members and confirmed that the Qlik login did not work (although i was able to RDP into the web server without any problems, so i know the user was created successfully).  I then temporarily assigned this user to the local administrators group on the web server and tried to log in to the access point again - this time it worked without issue.

       

      So - based on above it would appear that this issue is related to some kind of missing authorisation on my non-admin users accounts.  So far i have been unable to identify where this missing permission needs to be corrected.

       

      FYI I'm running this on Windows Server 2012, Qlikview 11.2, IIS 8.5.

       

      Any suggestions on what i am missing would be much appreciated!

       

      thanks, PB

        • Re: Issue when configuring web server alternate login page (web form)

          I have finally managed to resolve this issue myself, so posting this in case it is of use to anyone facing the same issue in the future.

           

          Eventually i came across the following discussion where others had been facing a similar issue - After installing QV11SR2 and https certificate, alternate login page (web form) only allows server admins. Anyone get t…

           

          The solution suggested in this post above worked for me.  I opened the local group policy editor (Run... > gpedit.msc) on my web server, then navigated to: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment

           

          Check the settings in the "Allow log on locally" setting.  On my server this was set to only allow this setting for the administrators group.  I added in the local "users" group and my login issue was resolved.  I suspect that an OS hardening script that was run on the server had resulted in this setting being updated, as from what i have read the local users group should be already included by default (and indeed it was on some other servers i checked).