3 Replies Latest reply: Mar 28, 2013 8:11 AM by Gibran Ghazali RSS

    Qlikview - generating webtickets. Any way of locking this down?

      Hi,

       

      I've just setup QlikView Server 11.2 SR1 and am looking at integrating the WebTicket system with our current SAML authentication code in our application portal.

       

      Is there any way to modify the QV configuration so that access to GetWebTicket.aspx is restricted?

       

      Currently, any user authenticated on the domain can fire up a browser, and hit /qvajaxzfc/getwebticket.aspx?cmd=<Global method="GetWebTicket"><UserId>domain\user</UserId></Global> and get a web ticket through the return XML with any domain\user value. Then use this ticket with authenticate.aspx to login to the system as said user.

       

      The reason I'm keen to restrict this is because not all users on our QV Server should get access to certain .qvw models.

       

      Many thanks.

       

      GG