QPR Knowledge Base

Using Single Sign-On with QPR Products

Hide Navigation Pane

Using Single Sign-On with QPR Products

Previous topic Next topic No expanding text in this topic  

Using Single Sign-On with QPR Products

Previous topic Next topic JavaScript is required for expanding text Mail us feedback on this topic!  

Comments (...)

It is possible to use single sign-on authentication with QPR products. QPR Portal, QPR Web Services Foundation, QPR ProcessGuide Designer, and QPR ScoreCard Designer support the use of Integrated Windows Authentication (IWA) for login. In addition, generic single sign on (SSO) is available for QPR Portal. With QPR Portal only Microsoft Internet Information Services (IIS) is supported as a web server. See the instructions below for information on enabling single sign-on authentication:

 

Changes in QPR Configuration Manager

 

1. Change the following settings in the General tab of the QPR User Mgmt Server section:

 

Select the authentication method(s) you want to use in the "Authentication method" sub-section. For Single Sign-On to work, you need to have Windows NT and/or LDAP selected. In the case you are going to use Intergrated Windows Authentication with LDAP authentication, make sure Active Directory is set as the naming convention for LDAP (this can be done in the LDAP Settings sub-section). Check also that cookies are not used for autologin, i.e. the "Do not use cookies for autologin" option is selected in the "Autologin settings" sub-section. Select also the desired group management method from the "User group" section. See the previous two chapters for more information about the user group management methods.

 

pic_single_sign_on

 

 

2. Change the following settings in the Single Sign On sub-section of the QPR User Mgmt Server section:

 

Select the products for which you want to enable Integrated Windows Authentication (IWA) or generic Single Sign On (SSO) by checking the desired checkboxes. In the case you selected QPR Portal in either section, define also the IP address of the server computer containing QPR.exe/QPR.dll into the CGI binary IP field in the General Settings section.

 

pic_single_sign_on2

 

The Single Sign On (SSO) option enables you to use single sign on in trusted environments where a web request's header variable carries the login name of the authenticated user. In the case your portal environment supports setting header variables for authenticated users, you can utilize the generic single sign on support for authenticating to QPR Portal. This functionality enables integration for example with the SAP Logon Ticket system.

 

Using the SSO option requires also that qprsettings.dat in the CGI binary/ISAPI DLL folder (C:\Inetpub\wwwroot\qpr81\Portal by default) is modified to define the name of the header variable containing the login name. Add a HDR_VAR_USR = <variable name> setting to the file.

 

Check log on account for QPR service

 

3. Make sure that QPR Service 8.1 is run with an account that can make queries to Active Directory.

 

Restart QPR service

 

4. Start/restart QPR service so that changes take effect.

 

 

Check Microsoft Internet Information Services (IIS) settings

 

5. The following applies regardless of IIS version:

Anonymous access needs to be disabled and Windows Authentication enabled on the QPR81 application / virtual directory and Portal virtual directory

 

On IIS 7 and newer, also make sure that the Windows Authentication feature is installed on IIS.

 

pic_iis_access_setttings

 

 

 

 

Comments (...)