Integrating Single Sign On in Qlikview – Part III

Once our Configurable ODBC connection in DSC is setup, we are ready to start assigning CALs to our documents.

First let’s take a look at the users coming from the DB. Go to QMC –> Users –> User Management. Click on the “Search in” drop down list. You should be able to see the ODBC connection we created. Then look for a user or type “*” in the search box to bring all users.

User search

The user returned will have a “Domain” prefix. This prefix is the once we entered in the “Directory lebel” field when we setup the Configurable ODBC.

Whenver we search for a user, DSC will run a query against our entity and group tables/views and will return the values. The details can be found in the DSC log located in C:\ProgramData\QlikTech\DirectoryServiceConnector\Log. Here’s an example of how the log looks like:

Information (Database.DatabaseProvider) Query: ‘select e.entityid, e.ENTITY_NAME, e.descr, e.email, count(g.memberid) as noGroupMembers from SSO_ENTITY e || left join SSO_GROUPS g on e.entityid = g.groupid || where lower(e.ENTITY_NAME) like lower(?) || or lower(e.descr) like lower(?) || group by e.entityid, e.ENTITY_NAME, e.descr, e.email‘. Parameters: one@%;one@%
Information (Database.DatabaseProvider) Query completed – 1 hits
Information (Database.DatabaseProvider) Query: ‘select e.entityid, e.ENTITY_NAME, e.descr, e.email, count(g.memberid) as noGroupMembers from SSO_ENTITY e || left join SSO_GROUPS g on e.entityid = g.groupid || where lower(e.ENTITY_NAME) = lower(?) || group by e.entityid, e.ENTITY_NAME, e.descr, e.email‘. Parameters: one@1317.com
Information (Database.DatabaseProvider) Query completed – 1 hits
Information (Database.DatabaseProvider) Query: ‘select e.entityid, e.ENTITY_NAME, e.descr, e.email, count(g.memberid) as noGroupMembers from SSO_ENTITY e || left join SSO_GROUPS g on e.entityid = g.groupid || where lower(g.memberid) = lower(?) || group by e.entityid, e.ENTITY_NAME, e.descr, e.email‘. Parameters: 20813
Information (Database.DatabaseProvider) Query completed – 1 hits
Information (Database.DatabaseProvider) Query: ‘select e.entityid, e.ENTITY_NAME, e.descr, e.email, count(g.memberid) as noGroupMembers from SSO_ENTITY e || left join SSO_GROUPS g on e.entityid = g.groupid || where lower(g.memberid) = lower(?) || group by e.entityid, e.ENTITY_NAME, e.descr, e.email‘. Parameters: 1
Information (Database.DatabaseProvider) Query completed – 0 hits
Information Resolved 1 groups for SSO\one@1317.com: SSO\External_Users
You can copy and paste the queries in your SQL tool and see what these queries return. As an explanation, DSC queries the tables in your DB and makes sure that user you are searching for exists and it belongs to a group. In my example, the user belongs to my External Users group.

Everything is now ready to start adding user to our documents following the standard methods.

I hope you found the series of posts useful.

Keep reading:

Integrating Single Sign On in Qlikview – Part I

Integrating Single Sign On in Qlikview – Part II

JV

Advertisements

Tags: , , , , , , , , , , , ,

7 responses to “Integrating Single Sign On in Qlikview – Part III”

  1. Kamin says :

    Hi sir, this is a very useful series of post. It really helped me implement single sing on in my environment! it’s one of the best post out there. Keep it up!

  2. GU says :

    Thank you for sharing your knowledge. I was successful setting up ODBC authentication, but how do users authenticate at the QV Access Point?

    I set the QV web server authenticaton to “Always”, type to “Header”, Header Name = “QVUSER”, Prefix=”SSO\”, Login Adress: “Alternate Login Page”.

    A login form shows up when I call the access point in the browser, but I don´t have a password for the users in the configurable ODBC-DSC, as it is not in the entity view. So how can users now connect to the access point. How do they get recognized?

    When I am using Windows AD, there´s no problem, because the browser already knows the user.

    Thank you for your answer.

    • Business Intelligence Experience says :

      Hi Gu,

      Qlikview will not provide Authentication (who’s the person?) but Authorization (I know who the person is, what can they access?).

      If you refer to the first post, you’ll see the scope of the series. I cover autherization but authentication is left out as you will need to use any web technology language to create your form authenticate the user against the database, create a web ticket and redirect the user to access point. At this point the user is authenticated so now Qlikview can authorize the user to the different files.

      You can find example of a .asp file to authenticate the user in the community.

      I hope this helps.

      Juan

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: