We have Qlik running Internally without any issues and would like to extend that access so that Qlikview is available using SSO from the internet for our internal staff for use on Company laptops, home computers and tablets. We will not be using a VPN, so assuming all traffic is from the internet.

I have been directed to the below articles on the Qlik forum, we already have ADFS 3.0 implemented for use with a different application including a Web Application Proxy for external access.

1) Authenticate against the Identity Provider (ADFS) requires the development of a program that implements Claims-based authentication.

   Claims-Based Architectures (Basic Concepts)

   http://www.vankeyenberg.be/?p=1281  (Example)

2) Use Web Ticket security to authenticate users in qlikview.

    braathen/qv-simple-webticket · GitHub

    Tool which test QlikView Webtickets

I am interested to know if this is the best set up based on my requirements? Are BOTH ADFS and the web ticketing setup required to get this working or could we simply use ADFS without the web ticketing?

If both are required am I right in thinking that at a high level we should use the below setup

1) Create external DNS record for Qlikview to point to Web Application Proxy

2) Point to the Web Application Server

3) Build and Configure Web Ticketing Server - Place in the DMZ or LAN? - Is this a requirement if using ADFS 3.0 with Web Application Proxy

4) Configure Relying Party trust to Qlikview

Are there any other steps or any other useful suggestions? Thanks a lot in advance.