4 Replies Latest reply: Jul 6, 2011 4:33 AM by Matteo Fioroni RSS

    Single sign-on and security issue

      Hi,

      Today I've a very unsafe environment: publisher loop&reduce a qvw file into file_usr1...file_usrXXX, each file with the only specific data for the corresponding user.

       

      Each user access the document with IE client or Ajax in anonymous way.

      The only security is the portal link that redirects the user to the appropriate document.

       

      The problem is that access point is free...so anyone logged in the intranet, knowning the link, can access every document...

       

      My portal implement SSO policy...so I think the best way to implement security is integrate qv server with my sso infrastructure.

       

      How can I do this?

      Can I continue to use my loop&reduce ploicy generatinx one file for each user, or the best solution is to use section access in the qvw document, reducing document on the fly?

       

      IMPORTANT: my user number is around 400...and is always in change...so is impossible to map each user on the section access....

       

       

      Can anyone help me?

       

      thank you in advance!

       

      Matteo