OK, reread the release notes.
Turns out they were using an alternate login page.
Went to the page on the server and can click Apply.
Bug: 45832 QMS: Using NTLM Authentication with Custom or Alternate Login Page Vulnerability Fix
We are issuing an update to address a vulnerability in authentication when using NTLM authentication with Custom or Alternate Login Page.
After implementation of this fix, the end-user will need to log in using a username in the form DOMAIN\UserID, if NTLM is used with Custom or Alternate Login Page.
To implement this update and ensure that the combination of NTLM/custom login page/alternate login page is correctly secured, please ensure that the following are implemented:
- Install SSL if not already installed. The fix for this combination involves transmission of user credentials using clear text via HTTP Form standard.
- If you use Alternate login in v11SR1, the pagename is Login2.htm. After upgrade to v11SR2 the pagename is FormLogin.htm. In QMC\System\Setup\QVWS resource\Authentication tab, click Apply and go to Access Point again, the link is correctly changed to FormLogin.htm.
For the custom login page to work after the fix, the following steps also need to be followed to change the custom login page:
- In the custom form, ensure that the user name input field is named username
- In the custom form, ensure that the password input field is named password
- In the custom form, ensure that the Form method parameter is set to POST
- In the custom form, ensure that the Action parameter is set to /QvAJAXZfc/Authenticate.aspx?back=[URL TO LOGIN PAGE]
A sample of this recommended implementation is shown below.
<form action="/QvAJAXZfc/Authenticate.aspx?back=/qlikview/FormLogin.htm" m
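
A way to check a custom login page against the four form requirements listed in the release notes, plus the SSL point, before putting it back in service. This is an added example, not code from the release notes or from Qlik; `FormCollector`, `check_login_form` and the two sample pages are hypothetical, and it assumes field names must match exactly.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

AUTH_PATH = "/QvAJAXZfc/Authenticate.aspx"  # Action path given in the release notes
# Constructed sample pages for illustration; the host name is a placeholder.
GOOD_FORM = ('<form action="/QvAJAXZfc/Authenticate.aspx?back=/qlikview/FormLogin.htm" method="post">'
             '<input name="username"><input name="password" type="password"></form>')
BAD_FORM = ('<form action="http://qv.example.test/QvAJAXZfc/Authenticate.aspx" method="get">'
            '<input name="user"><input name="password" type="password"></form>')

class FormCollector(HTMLParser):
    """Record each <form>'s attributes and the names of the inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"attrs": a, "inputs": set()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].add(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def check_login_form(html):
    """Return a list of problems; an empty list means all checks pass."""
    parser = FormCollector()
    parser.feed(html)
    forms = [f for f in parser.forms
             if AUTH_PATH.lower() in f["attrs"].get("action", "").lower()]
    if not forms:
        return ["no form submits to " + AUTH_PATH]
    attrs, names, problems = forms[0]["attrs"], forms[0]["inputs"], []
    action = urlsplit(attrs["action"])
    if attrs.get("method", "get").lower() != "post":
        problems.append("form method is not POST")
    if not parse_qs(action.query).get("back"):
        problems.append("action has no back=<login page URL> parameter")
    if action.scheme == "http":  # SSL requirement: form credentials are clear text
        problems.append("action is an absolute http:// URL")
    for field in ("username", "password"):  # assumption: names match exactly
        if field not in names:
            problems.append("no input named " + field)
    return problems
```

A relative action inherits the scheme of the page that serves it, so the login page itself still has to be served over HTTPS for the credentials to be protected.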