13 Replies Latest reply: Mar 23, 2016 7:36 AM by Javier Quintela Nogueira RSS

    QlikSense: SAML / FEDERATED SECURITY / SECURE TOKENS

      In White paper for QlikView:

       

      SAML / FEDERATED SECURITY / SECURE TOKENS There are a number of different security systems that can make use of secure tokens to sign users into a range of systems. There are several different standards and sets of terminology around this approach such as SAML (Security Assertion Markup Language) and federated security such Active Directory Federation Services. Although each is different the approach from a QlikView perspective is similar. Here is how it typically works… In this approach, due to the level of integration required, a custom login page can be created to use the security API in QlikView. Although this mechanism is relatively simple to use it does require some knowledge of programming and this configuration is not ‘out of the box’. There are examples on how to implement this approach available on the QlikView Community. 3 The advantage of this approach is again to conform to an organization’s standard way for securing services. It again does require that an organization has in place a security system that offers this kind of functionality but QlikView has an approach for integrating with a range of vendors’ solutions. QlikView Server 8. User received QlikView content CLOUD 1. User requests QlikView content Custom Login Page 2. User redirected to Login System 5. Request QlikView content with token 4. Redirect user to QlikView with token 3. Login Against Login System 6. Validate token Login System CUSTOMER SITE/INTERNET 7. Token is OK and provide username/groups QlikView and the Cloud | 13 With Active Directory Federation Services (ADFS) it is possible for users to seamlessly log in to a non-domain cloud server without being prompted to log in as their internal Windows credentials are used during the process of logging in. This gives an excellent user experience and ADFS is often implemented within organizations alongside their regular Active Directory which means there is no requirement for an additional SSO product or set of users.

       

      Has anyone seen this for QlikSense?