It is possible to use single sign-on authentication with QPR products. QPR Portal, QPR Web Services Foundation, QPR Modeling Client, and QPR Metrics client support the use of Integrated Windows Authentication (IWA) for login. In addition, generic single sign on (SSO) is available for QPR Portal. With QPR Portal only Microsoft Internet Information Services (IIS) is supported as a web server. See the instructions below for information on enabling single sign-on authentication:
Changes in QPR Configuration Manager
1. Change the following settings in the General tab of the QPR Foundation Server section:
2. Change the following settings in the Single Sign On sub-section of the QPR Foundation Server section:
Select the products for which you want to enable Integrated Windows Authentication (IWA) or generic Single Sign On (SSO) by checking the desired checkboxes. In the case you selected QPR Portal in either section and QPR Web Application Server is located on a different computer than QPR.isapi.dll/QPR.CGI.exe, define also the IP address of the server computer containing QPR.isapi.dll/QPR.CGI.exe into the CGI binary IP field in the General Settings section. If QPR.isapi.dll/QPR.CGI.exe and QPR Web Application Server are located on the same computer, the CGI binary IP field can be left empty.
The Single Sign On (SSO) option enables you to use single sign on in trusted environments where a web request's header variable carries the login name of the authenticated user. In the case your portal environment supports setting header variables for authenticated users, you can utilize the generic single sign on support for authenticating to QPR Portal. This functionality enables integration for example with the SAP Logon Ticket system.
Using the SSO option requires also that qprsettings.dat in the CGI binary/ISAPI DLL folder (C:\Inetpub\wwwroot\qpr2012\Portal by default) is modified to define the name of the header variable containing the login name. Add a HDR_VAR_USR = <variable name> setting to the file.
Check log on account for QPR service
3. Make sure that QPR Service 2012.1 is run with an account that can make queries to Active Directory.
Restart QPR service
4. Start/restart QPR service so that changes take effect.
Check Microsoft Internet Information Services (IIS) settings
5. The following applies regardless of IIS version:
•Anonymous access needs to be disabled and Windows Authentication enabled on the QPR2012 application / virtual directory and Portal virtual directory
On IIS 7 and newer, also make sure that the Windows Authentication feature is installed on IIS.
See Appendix D in the QPR Installation Instructions document for information about configuring QPR Web Services Foundation to use single sign-on.
Web browser settings in Microsoft Internet Explorer
Microsoft Internet Explorer supports Integrated Windows Authentication in its default configuration.
Web browser settings in Mozilla Firefox
To enable Integrated Windows Authentication in Mozilla Firefox, do the following:
1.Input about:config to the address bar
2.Acknowledge the warning and proceed
3.Input network.automatic as the filter
4.Double-click the network.automatic-ntlm-auth.trusted-uris setting.
5.Input the host name of your QPR Portal as the value, for example http://myserver. If you have multiple servers to allow, separate them with commas.