2 Replies Latest reply: Mar 4, 2013 12:25 PM by Igor Shchukin RSS

    Security using client's Windows credentials in multi domain env

    Igor Shchukin

      Hi folks,

       

      I'm wondering if there is a way to set up Qlikview Server(IIS or QVWS) to use Windows credentials from client's machine(not the server), where client and server are in different domains and there is not trust defined between those domains? I want clients to be able to open QlikView documents(through a browser) without having to authenticate themself in the domain QlikView server belongs to and be able to restrict the access to documents using client's Windows credentials(NTFS mode).

       

      I'm using QlikView 11.

       

      Would really appreciate any help or advice.

       

      Thanks a lot.

       

      Regards,

      Igor

        • Re: Security using client's Windows credentials in multi domain env
          Daniel Rozental

          I don't think that's possible, sorry.

            • Re: Security using client's Windows credentials in multi domain env
              Igor Shchukin

              Thanks a lot for reply.

               

              Qlikview Security spec states:

              "In a multi-domain environment: The internal company network IWA should be avoided in

              architectures where a multi-domain environment exists with no trust relationship between

              the domain of the workstation and the domain of the server, or when used across a

              reverse proxy. In such an environment the QlikView deployment should be configured

              to use either an existing external SSO service or a QlikView custom ticket exchange to

              expose an authenticated identity to QlikView."

               

              Do I understand it right and it's not possible to have all users use QlikiView AccessPoint in multidimensional environment(with no trust) without them having to authenticate their identity again, i.e. login into the server's domain or to enter the username and password into additionally created security layer?

               

              And really silly question. Do I always have to login to QlikView Server domain when I open AccessPoint remotely?

               

              Regards,

              Igor