
You're reading from QlikView Server and Publisher

Product type: Book
Published in: Jan 2014
ISBN-13: 9781782179856
Edition: 1st Edition
Author: Stephen Redmond

Stephen Redmond is the CTO and Qlik Luminary at CapricornVentis - a QlikView Elite Partner. He is the author of several books, including QlikView for Developers Cookbook and QlikView Server and Publisher, both published by Packt Publishing. He is also the author of the popular DevLogix series for SalesLogix developers. In 2006, after many years of working with CRM systems, reporting and analysis solutions, and data integration, Stephen started working with QlikView. Since then, CapricornVentis has become QlikView's top partner in the UK and Ireland territories, and with Stephen as the head of the team, they have implemented QlikView in a wide variety of enterprise and large-business customers across a wide range of sectors, from public sector to financial services to large retailers. In 2014, Stephen was awarded the Luminary status by Qlik in recognition of his product advocacy. He regularly contributes to online forums, including the Qlik Community.

Chapter 7. Alternative Authentication and Authorization Methods

What is the difference between authentication and authorization? When you log into your PC, your user credentials are checked against a user database (the local user database, Active Directory, LDAP, or other system), and you are let through to your desktop—this is authentication. When you try to open a file, the file system checks to see if you have the rights to open that file—this is authorization. You can see that authorization requires authentication to happen first, because authentication identifies the user who needs to be authorized.

We have already seen how we log into QlikView's AccessPoint with Active Directory/NTLM authentication, by allowing the credentials to be either automatically passed by the browser, or by entering the credentials in a standard challenge/response form. It is important to understand that the authentication step here is being performed by Windows, usually against Active Directory (Microsoft...

Types of Directory Service Provider (DSP)


Even if we are not authenticating against LDAP, we can have another party authenticate and use one of the other mechanisms to pass that authentication through to QlikView. For that reason, it is useful for us to be able to look up users and groups in the LDAP directory and retrieve a list of them.

QlikView can have several kinds of Directory Service Providers (DSPs):

Enabling DMS authorization and establishing ACLs in the QMC


Before we can start authorizing users by any method other than the default of Active Directory users and NTFS ACLs (Access Control Lists), we need to change the authorization method that QVS uses.

Follow these steps to enable DMS authorization:

  1. Open the QlikView Management Console and navigate to System | QlikView Servers | QVS@<servername>, and click on the Security tab.

  2. Change the Authorization setting from NTFS authorization to DMS authorization.

  3. Click on Apply.

If you were to look at the AccessPoint at this stage, there would be no documents visible. We need to configure ACLs on a document-by-document basis.

Follow these steps to establish the Access Control List for a document:

  1. Navigate to the Documents | User Documents tab and select the document for which you want to set the ACL. Click on the Authorization tab (this tab was not available under NTFS mode).

  2. Click on the + button to add a new Access row.

  3. Under User Type, click on...

Configuring Directory Service Providers


The Directory Service Providers are used for adding users and groups to document ACLs, assigning licenses to users, and resolving group memberships for users.

In this section, we will look at the options available to connect to a database user repository, an LDAP directory, and a QlikView Custom User repository. The Custom User repository is the only one for which QlikView manages the authentication process. The other two will require a third-party authentication, and either Custom Header or Custom Ticket Exchange (CTE), to pass the user information to QlikView.

All of the configurations explained in the following sections take place on the QMC System tab, under the Directory Service Connectors folder.

Configuring a Configurable ODBC DSP

The Configurable ODBC DSP allows you to point the DSC at a database. Any database engine with an ODBC driver (SQL Server, Access, Oracle, and so on) should work.

The database should have two tables (views will also work...

Enabling HTTP header authentication


HTTP header authentication allows a third-party service, for example Apache Web Server, to perform an authentication—using whatever mechanism it chooses—and then pass the username through to QlikView by injecting an HTTP header into the request being sent to AccessPoint.

To enable this, we need to reconfigure the AccessPoint authentication:

  1. In QMC, click on the System tab, expand QlikView Web Servers, and then select your web server. Click on the Authentication tab.

  2. Set the Authentication option to Login, set the Type to Header, and set Login Address to Alternate login page (web form). The Header Name parameter, which defaults to QVUSER, is the name of the HTTP header that needs to be injected. The Prefix parameter should match one of the DSP names established earlier (for example, CUSTOM\ or LDAP\). Click on Apply.

  3. The next step is dependent on your third-party product. For Apache, you would edit the httpd.conf file to include proxy and reverse proxy entries...
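As an added illustration of step 3 (not the book's own httpd.conf, which is cut off above), the following Apache 2.4 virtual host authenticates the user itself and then injects the default QVUSER header. The host names, file paths and the choice of Basic authentication are assumptions made for the example.

```apache
# Added example; host names, paths and the auth provider are placeholders.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_auth_basic.
# The expr= form of RequestHeader requires Apache 2.4.10 or later.
<VirtualHost *:443>
    ServerName analytics.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/analytics.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/analytics.example.com.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    <Location "/">
        # Apache performs the authentication (any mechanism would do here).
        AuthType Basic
        AuthName "Analytics"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/analytics.htpasswd
        Require valid-user

        # Write the authenticated name into QVUSER, the default Header Name
        # from step 2. "set" replaces any QVUSER value the client supplied,
        # so the browser cannot choose the identity QlikView sees.
        RequestHeader set QVUSER "expr=%{REMOTE_USER}"

        # The proxy credentials are not needed by the backend; drop them.
        RequestHeader unset Authorization

        # Placeholder address of the QlikView Web Server.
        ProxyPass        http://qvws.internal.example:80/
        ProxyPassReverse http://qvws.internal.example:80/
    </Location>
</VirtualHost>
```

In Header mode QlikView trusts whatever arrives in QVUSER, so the QlikView Web Server should accept connections only from this proxy (firewall rule or bind address) and never be reachable directly by browsers.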

QlikView ticket authentication


QlikView has had a Custom Ticket Exchange (CTE) mechanism since Version 9. Prior to Version 11, this mechanism was run by executing a COM call on the QlikView Server and retrieving a time-limited ticket. By attaching the ticket to the URL used to open a document, it identified the user to QlikView Server. There was a limitation in that the ticket could only authenticate a user to one document (using the qvajaxzfc/opendoc.htm page).

Since Version 11.0, a new mechanism has been introduced whereby a ticket is obtained by making a web service call to the QlikView Server. This ticket can now be used to authenticate the user not to individual files but to AccessPoint.

The use case would be that a trusted server would authenticate the user (for example, via LDAP, Oracle SSO, and so on), make a request to the QlikView Web Server, obtain a ticket, and then redirect the user to the QlikView Web Server with the ticket encoded in the URL.

The trust mechanism is simply based...

Summary


There has been quite a lot covered in this chapter. We have talked about the different types of Directory Service Providers (DSPs) that the Directory Service Connector can use, and we configured and tested several of them. We have enabled the DMS authorization mode and established ACLs in the QMC. We have also seen how to enable third-party authentication by using HTTP headers and Custom Ticket Exchange.

In the next chapter, we will look at monitoring our QlikView Server implementation, and how to troubleshoot issues that might occur.

DSP type | Description

Active Directory | Connects to the Active Directory using LDAP calls—this is what we would have used by default in the Manage Users dialogs to retrieve users and groups. You can use either a fully-qualified domain name (FQDN) here—for example, LDAP://domain.local—or just the NetBIOS domain name—LDAP://DOMAIN. If you do use the FQDN, the DSC will resolve the NetBIOS name (in this case, DOMAIN) and use that as the DSP identifier. This means that any user identified as DOMAIN\USER will be linked with this DSP.

Custom Directory | A Custom Directory is a user and group...