1 Reply Latest reply: Feb 9, 2016 7:21 AM by Ely Malki RSS

    SSO for Ajax accesspoint using Small Business Edition Solution

    Marco Damiao

      Hello everyone this is my first entry in Qlik community. I've spent a few days looking around for a solution to implement a Single Sign On solution in my qlikview server and never found what I needed. After some tinkering me and a fellow engineer found a solution to our particular problem and decided to share it. Any comments on this solution are appreciated!

       

      Inicial scenario

      Licence type: Small Business Edition

      Web-server: IIS

      Authentication: NTLM

      Authorization: NTFS (Forced by licence)

      Login Address: Default login page (browser authentication)

      Requirements: We needed to implement qlikview authentication in a webportal that contains an application and embed an iframe with a qlikview document, this authentication needs to be as invisible as possible so that the user doesnt even know he's using two different applications.

       

      Solution:

      • Changed Login Address type to Custom login page
        • The reason for this is that we will need to be able to post the user credentials via ajax. Maybe other workarounds exist but this was what we were able to implement.
      • IIS Reverse proxy using ARR and URL rewrite
        • We have both websites in the same IIS, o we simply enabled ARR proxy and in URL rewrite we created a Reverse Proxy rule with "QvAjaxZfc(.*)|qlikview(.*)" as a pattern to rewrite URL as https://qlikviewserver/{R:0}
        • This allowed us to access qlikview resources from our webportal like this : https://webportal/qlikview/FormLogin.htm
        • There might be cross origin problems associated so if it doesnt work, that might be something that needs to be handled.
      • Automatic login
        • As required we want to login in our webportal, and at the same time login in qlikview. Our solution was to use JQUERY to send a formData login just like you would send over the FormLogin.htm page.
        • On click we retrieve the user and password from the webportal form and procede to Post the data via ajax JQUERY, with a modified url.
        • This method provided us with an invisible login since there is no redirect to accesspoint and no call back in case of failed authentication.
        1. $.ajax({
        2.   type: "POST",
        3.   url: "/QvAJAXZfc/Authenticate.aspx",
        4.   data: {
        5.   username: UserForm.value,
        6.   password: PasswordForm.value
        7.   },
        8.   contentType: "application/x-www-form-urlencoded",
        9.   success: function () {
        10.   alert('form was submitted');
        11.   }
        12.   });
      • iFrame
        • Just add an iFrame to your website, with the link you want, in our case we added a link directly to the document we want.

       

      That's it!!! This solution might not work for every scenario but since I never found a solution for SSO with a small business edition licence i thought I could share some knowledge.

       

      Any comments, tips or criticism is always welcome!

       

      I'll try to create a step by step tutorial when I have time if anyone has problems following this.

       

      Best regards