6 Replies Latest reply: Oct 14, 2010 11:03 PM by Vlad Gutkovsky RSS

    SSO + SSL

    Vlad Gutkovsky

      I've managed to get to get a very simple Single Sign On (SSO) environment set up by setting the User Name Header in QEMC to QVUSER and then using Fiddler to pass some ficticious username through a QVUSER header for a user that I've authorized in DMS mode. This works fine over HTTP (see the 1st screenshot).

      error loading image

      I'm having problems when I try to combine SSO and SSL. I have a valid SSL certificate installed on my server and my AccessPoint is working fine with HTTPS protocol. However, when I try to pass the header via HTTPS it doesn't work and I receive the message "Authentication Failed" (see the 2nd screenshot).

      error loading image

      Does anyone know what's going on and what needs to be done to be able to combine SSO and SSL?

      Thanks!

        • SSO + SSL

          Vlad,

          I am having the exact same error attempting to go to AccessPoint. We are in DMS mode, are using it to do SSO, and when I set up the SSL certificate on the server, I get this error when attempting to go over SSL/port 443. http still works fine, but https does not.

          Note: I can get to the root of my site just fine over SSL (https://mycompany.com), but when I go to the AccessPoint area (https://mycompany.com/qlikview) it gives me the authentication error.

          Did you find any resolution to this in the last five months since you posted it?

          If I find any resolution to this I will post it to the forums.

          Gary

          • SSO + SSL

            Hi Guys,

            I managed to successfully setup SSO + SSL before (plus over tunneling). (SSO = WebSEAL). The "Authentication Failed" error might be coming from your IIS Web Site authentication setup. Enable the Anonymous Authentication even though your seting in QVS is Prohibit Anonymous. This is how fixed the problem.

            Regards,

            Elbert

             

              • SSO + SSL
                Vlad Gutkovsky

                Thanks guys, but neither one of your suggestions worked for me unfortunately. Gary, my port was always set to 443 so that wasn't the problem. What sort of DSP are you using for your users?

                Elbert, allowing anonymous authentication didn't change anything either. Are you sure that it wasn't a different setting somewhere?

                Thanks,

                  • SSO + SSL

                    hhhmm. What SSO sofware are you using? You can check your SSO log for a clue why you are getting the Authentication Failed error. Also, have to tried accessing via HTTP? (not HTTPS)

                    Regards,

                    Elbert

                     

                      • SSO + SSL
                        Vlad Gutkovsky

                        Elbert,

                        Thanks for your reply. As I mentioned in the original post, it's working fine over HTTP and I'm using Fiddler to simulate a SSO header. I'm not seeing any clues in the Fiddler log unfortunately. Any thoughts?

                        Thanks,