17 Replies Latest reply: Apr 14, 2011 5:05 AM by Björn Wedbratt RSS

    Integration with apache

      Hi

      i am looking to integrate my qlikview server with the apache on the front end . so that when user logon to the websso, he is redirected to accesspoint webpage with auto logon

      can you explain me how this all works

      thanks

      peter

        • Integration with apache
          Björn Wedbratt

          Hi Peter,
          I guess your Apache isn't part of / joined to the domain so the users authenticated against your SSO are no authenticated Windows users? In this case you need to configure AccessPoint for http header authentication and also set QVS to run in DMS mode. I have no example out-of-the-box, but attached is a document that might give you some clues on the steps required (not covering the SSO solution)

          Btw, what kind of SSO are you using on Apache?

            • Integration with apache

              Hi

              Many thanks for the reply

              the first issue i am facing is that once the user logs in using the HTTP header into access point, i have the document access given to a ldap usergroup, how can i resolve the user group basis the user name i get from the HTTP header

              i have given the path of LDAP service in the DSC active directory but does not seem to work , i am getting a error " object reference not set to instance of an object"

               

              thanks

              peter

                • Integration with apache

                  Hi

                  In addition to above we have integrated our websso wih the qvserver, now when the access point portal is called, if no HTTP header is available, it is redirected to websso page and on authentication it is redirected to access point portal but there is no username in the portal page

                  Ideally it should login in as the HTTP Header but it is not

                  I have followed all the steps that yo have given in the attached file above but no luck

                  what is missing there

                  thanks

                  peter

                    • Integration with apache
                      Björn Wedbratt

                       


                      csavgssc wrote:
                      Hi
                      In addition to above we have integrated our websso wih the qvserver, now when the access point portal is called, if no HTTP header is available, it is redirected to websso page and on authentication it is redirected to access point portal but there is no username in the portal page
                      Ideally it should login in as the HTTP Header but it is not
                      I have followed all the steps that yo have given in the attached file above but no luck
                      what is missing there
                      thanks
                      peter<div></div>


                       

                      Hmm...did you verify the HTTP Header being present when accessing Accesspoint? You should be able to pick it up using Fiddler. What kind of SSO are you using? CAS?

                       

                       

                       

                    • Integration with apache
                      Björn Wedbratt

                      The AD DSP is for Active Directory only so you cannot use it for a generic LDAP provider. This is due to the schematic in AD is extended with some properties that are Microsoft specific. The DSP for AD will be more generic in v10.

                      If you want to resolve groups using any other LDAP provider, such as OpenLDAP or similar my guess is that your only way is to write a custom provider. I know there's been one floating around, will see if I can get it for you.

                        • Integration with apache

                          Hi Bjorn,

                          Can you please be kind to provide us the plugin with which we can resolve the LDAP user groups.

                          Regards

                          Peter

                            • Integration with apache
                              Björn Wedbratt

                              Hi Peter,
                              Sorry, been busy lately so I haven't been able to dig into this. The DSP I found didn't resolve groups either so I'm currently looking into the generic LDAP DSP for v10 (got some confirmation it will also work with v9 but more tests are required). Could be worth a shot to look into it so you don't need to develop your won DSP if it is working successfully with groups etc

                              Regards,
                              Bjorn

                                • Integration with apache

                                  Hi Bjorn

                                  Many thanks for the reply

                                  You mean to say that we can use the plugin used in V10 for LDAP connectivity in V9.0 also, Then where can i get to download v10

                                   

                                  thanks

                                  Peter

                                    • Integration with apache
                                      Daniel Rozental

                                      Interesting document but is that really secure?

                                       

                                      Wouldn't just about anyone be able to impersonate a user?

                                        • Integration with apache
                                          Björn Wedbratt

                                          Hi Daniel,
                                          You're absolutely correct. The document I attached is just a simple way of trying out the http header authentication in Accesspoint and is in no way a full documentation on how to deply a SSO solution. It is the responsibility of the SSO solution (for example Siteminder, MS Federation Services etc) to govern the web site and protect it from unautorized access with a tampered/changed credentials (http headers).

                                          Technically SSO solutions may differ, using encrypted cookies etc, but the idea is the same. If you don't have the correct security credentials (like a specific http-header) when accessing the site, you will be redirected to some kind of authentication authority. If you claim to have the correct credentials they will be verified against the auth authority before gaining access.

                                           

                                            • Integration with apache

                                              Hi Bjorn

                                              where can i get to download v10 or else can you provide me the plugin file

                                              thanks

                                              Peter

                                                • Integration with apache

                                                   


                                                  Bjorn Wedbratt wrote:
                                                  If you want to resolve groups using any other LDAP provider, such as OpenLDAP or similar my guess is that your only way is to write a custom provider. I know there's been one floating around, will see if I can get it for you. <div></div>


                                                   

                                                  Hi Bjorn,

                                                  I'd be interested in a non-AD LDAP provider, too, if you find it.

                                                  Thanks,

                                                  DJ

                                                  P.S. Great Sheldon pic.

                                                    • Integration with apache
                                                      Björn Wedbratt

                                                      Hi DJ,
                                                      in v10 you can use the Generic LDAP provider supplied with QVS, so you no longer need to write your own custom provider. SR2 will fix some issues with group resolution when using the Generic LDAP so I suggest waiting for the release of v10 SR2, which should be out within a week or so.

                                                      Regards,
                                                      Bjorn