Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sibin_jacob
Creator III
Creator III
‎2014-08-28 04:19 AM

Help Needed in Qlikview SSO integrtation - Urgent

We implemented SSO in QlikView using Header method.  It is passing the header value from the third party login page to Qlikview accesspoint properly.

But currently we are facing couple of issues. Below are the details

  1. Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?


2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Thanks in Advance.

Regards,

Sibin Jacob. C

1,908 Views
0 Likes
6 Replies
ashfaq_haseeb
Champion III
Champion III
‎2014-08-28 04:29 AM

Hi,

For point one.

This is not directly possible.

You need to talk with your content team to replace name with ID by some programming. As Header of portal you logged in will return Name  not ID.

For Point 2

If you configured to read it with SSO, then I don't think you can directly access QlikView Access Point

Regards

ASHFAQ

621 Views
0 Likes
sibin_jacob
Creator III
Creator III
‎2014-08-28 04:57 AM
Author

In response to ashfaq_haseeb

Hi Ashfaq,

Thanks for the reply.

For point one.

I tested locally with 'Fiddler tool' ( Using local host). I have passed header value as sjacob(Login Id) but it is showing jacob, Sibin (User Name). How can I replace the name with ID? can you explain little more?


For Point 2.

I am not able access the Qlikview access point directly.


But my problem is If a user access the accesspoint through third party login page and not doing anything in the accesspoint for 1 hour. After 1 hour the session will get expire. After that If user click on any link or document from the access point, It should redirect to login page or it should close the browser tab. Is this feasible?


Thanks,

Sibin Jacob. C

621 Views
0 Likes
ashfaq_haseeb
Champion III
Champion III
‎2014-08-28 05:06 AM

In response to sibin_jacob

Hi,

This is purely can be handled by .net developers.

If you have someone in your company, please ask them to help you here.

Regards

ASHFAQ

621 Views
0 Likes
Not applicable
‎2014-08-28 06:02 AM

In response to ashfaq_haseeb

Hi Ashfaq

You are right, it can be purely handled by .net developer. in My company we have implemented SSO functionality for our client exact the same requirement Sibin jacob is taking about. there are lot many configuration to enable SSO.

As i have review Sibin Jacob question

  1. Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?

Ans:- In our project we have pass the User Name threw the Active Directory and the same User existing in Application. so that both in Active Directory and Application user should be same.  we have integrated the Integrated Windows Authentication.

With Integrated Windows authentication, the user name and password (credentials) are hashed before being sent across the network. When you enable Integrated Windows authentication, the client browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing. please see below URL for more information.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9...

Waffle – Windows & AD Authentication Framework

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

http://dblock.github.com/waffle/

NTLM, Kerberos and Negotiate

These are network authentication protocols and method to authenticate users in general in windows network. In this implementation of SSO with waffle, we are using Kerberos protocol.

More details can be found at these links:

http://en.wikipedia.org/wiki/Kerberos_(protocol)

http://en.wikipedia.org/wiki/NTLM

More details can be found at this link:

2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Ans:-  still this feature is implemented in Java code that we have implemented.

Following requirement are basic to implement SSO Functionality

1.  Filtering request to pass windows authentication token

2.  Changing LDAP table configuration (this will be identify the user it existing in Multiple schema or not)


Thanks


Saumil Jani


621 Views
Not applicable
‎2014-08-28 06:04 AM

Hi Sibin

Please see my below comments let me know if it work for your issue.

You are right, it can be purely handled by .net developer. in My company we have implemented SSO functionality for our client exact the same requirement Sibin jacob is taking about. there are lot many configuration to enable SSO.

As i have review Sibin Jacob question

  1. Qlikview Access point is showing User name instead of Login ID. It is picking the User name from the Active Directory.

Some of the users are outside the Active Directory so it is showing the Login Id. We need to show Login ID for all the users.

How can we change it into Login Id instead of User Name?

Ans:- In our project we have pass the User Name threw the Active Directory and the same User existing in Application. so that both in Active Directory and Application user should be same.  we have integrated the Integrated Windows Authentication.

With Integrated Windows authentication, the user name and password (credentials) are hashed before being sent across the network. When you enable Integrated Windows authentication, the client browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing. please see below URL for more information.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9...

Waffle – Windows & AD Authentication Framework

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

http://dblock.github.com/waffle/

NTLM, Kerberos and Negotiate

These are network authentication protocols and method to authenticate users in general in windows network. In this implementation of SSO with waffle, we are using Kerberos protocol.

More details can be found at these links:

http://en.wikipedia.org/wiki/Kerberos_(protocol)

http://en.wikipedia.org/wiki/NTLM

More details can be found at this link:

2. If user clicking any link in QlikView access point after the session time out, We need to redirect to third party Login page or close the browser tab. Is this feasible ?

Ans:-  still this feature is implemented in Java code that we have implemented.

Following requirement are basic to implement SSO Functionality

1.  Filtering request to pass windows authentication token

2.  Changing LDAP table configuration (this will be identify the user it existing in Multiple schema or not)


Thanks

Saumil Jani

621 Views
AbhijitBansode
Specialist
Specialist
‎2015-10-17 11:02 AM

In response to

Hello Saumil,

Looks like this is the right post to table my question around default authentication in QlikView.

I've been running a crusade to OK the use of QlikView on native iOS/Android app. Organisation I'm working for has already got their native app(iOS/Android) available for all employees. I've been asked to make the QlikView dashboards available on the app.

Now to enable SSO of the QlikView dashboard from native app, app support team has asked me to set up Kerberos authentication at QlikView side. I've no idea as to how kerberos authentication can be setup in QlikView. I'm aware of QlikView uses default NTLM authentication. I would really appreciate any guidance here.

Thanks,

Abhijit

621 Views
0 Likes