Security – Authentication and Authorization Security – Authentication and Authorization Security – Authentication and Authorization “What’s New” in security in QlikView 11 Security – Authentication and Authorization “What’s New” in security in QlikView 11 Fredrik Lautrup Ralph Senseny Fredrik Lautrup Ralph Senseny
30
Embed
QlikView 11 Security - Authentication and Authorization
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Security – Authentication and Authorization Security – Authentication and Authorization Security – Authentication and Authorization “What’s New” in security in QlikView 11
Security – Authentication and Authorization “What’s New” in security in QlikView 11
Fredrik Lautrup
Ralph Senseny
Fredrik Lautrup
Ralph Senseny
Legal Disclaimer
This Presentation contains forward-looking statements, including, but not limited to, statements regarding the value
and effectiveness of QlikTech's products, the introduction of product enhancements or additional products and
QlikTech's growth, expansion and market leadership, that involve risks, uncertainties, assumptions and other factors
which, if they do not materialize or prove correct, could cause QlikTech's results to differ materially from those
expressed or implied by such forward-looking statements. All statements, other than statements of historical fact, are
statements that could be deemed forward-looking statements, including statements containing the words "predicts,"
All authentication needs to be protected from evesdropping
• Use encrypted communication such as HTTPS or VPN
All authentication is done outside the QlikView system therefore there needs to be established trust between the systems
• IP address whitelists
#qonnections
• IP address whitelists
• Firewall restrictions
• Authentication using something you have
Hardening of the IIS platform in accordance with local security policy
How to Choose a Solution
Web frontend to
integrate with
Need to integrate content into portal using IFrames
No
No
Yes
Yes
Authenticate.aspxAuthenticate.aspx
#qonnections
Need to
transfer groups
from authentication system
SSO system
with header support
No
No
Yes
Yes
WebTicketWebTicket
WebTicketWebTicket
WebTicketWebTicketHeaderHeader
Certificates
#qonnections
Certificates
Features
• Configuring Certificates, in a multiple server deployment within QlikView, removes the dependency of a QlikView Administration Group
• Certificates allows the use of certificates to build a trust domain between services that can be located between different domains/areas such as internal networks, extranets and internet
Certificates
#qonnections
domains/areas such as internal networks, extranets and internet
• Eliminates the need to share an Active Directory (AD) or other user directories.
• The architecture is based on the QlikView Management Service (QMS) as the certificate manager (CA, Certificate Authority). The QMS will be able to create and distribute certificates to all services in the QlikView installation.
Certificates
• When deploying Certificates all QlikView servers must be configured for certificates.
• QlikView services participating in the installation will receive certificates signed using this root certificate when added to the QMS.
Certificate Structure
#qonnections
• QMS as the Certificate Authority(CA) issues digital certificates that contain keys and the identity of the owner
• QlikView Management Service is an important part of the security solution and needs to be managed from a secure location to keep the certificate solution secure.
• The QMS is responsible for saying "yes, this service deployed on this server is a service in my installation".
Questions
#qonnections
Questions
With QlikView there are many With QlikView there are many
ways to solve authentication it’s ways to solve authentication it’s
just a matter of selecting the just a matter of selecting the
#qonnections
just a matter of selecting the just a matter of selecting the
appropriate one based on the appropriate one based on the
pre requisites of the customerpre requisites of the customer