Common QPR Authentication
Common authentication enables linking from one QPR product to the other without the need of a separate login for the product that is the link target. When you are authenticated to one QPR product, you are automatically authenticated all other QPR products as well. It is possible to configure a common authentication between following QPR products:
- QPR UI
- QPR ProcessAnalyzer Web Service
- QPR Portal
- QPR Web Services
Common authentication works in a way that if there is a valid (non expired) session existing in any of the systems, sessions for the other systems are refreshed automatically without the need to login again. If all sessions have expired, there is a need to relogin. If a session has been expired, a valid session in other system is able to renew the expired session without notifying user.
Common authentication needs to be setup for each QPR product according to the instructions described in this page.
In common authentication, username attribute is used to match user accounts between QPR products.
Configuring Common Authentication for QPR UI
To configure Common Authentication for QPR UI, follow these instructions:
- Determine the needed setting string. It uses following format: PRODUCTNAME,URL;PRODUCTNAME,URL;... where PRODUCTNAME is either WAS, WS or PA. Example:
WAS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll;WS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/;
SERVERNAME is the name of the corresponding server. - Login to the QPR UI database in the SQL Server using SQL Server Management Studio.
- Right click QPR UI database, select New Query, and define following query:
SELECT VALUE_FIELD FROM [DATABASENAME].[dbo].[CONFIGURATIONENTITY] WHERE KEY_FIELD ='AUTHENTICATION_SERVICES';
If the query returns a row, store the result for backup. - If the step 4 query didn't return anything, execute following query to make the setting change:
INSERT INTO [DATABASENAME].[dbo].[CONFIGURATIONENTITY](KEY_FIELD,VALUE_FIELD) VALUES ('AUTHENTICATION_SERVICES', 'SETTINGSTRING');
(replace the SETTINGSTRING with the one determined in step 1). - If the step 4 query returned a row, execute following query to make the setting change:
UPDATE [DATABASENAME].[dbo].[CONFIGURATIONENTITY] SET VALUE_FIELD = 'SETTINGSTRING' WHERE KEY_FIELD = 'AUTHENTICATION_SERVICES';
(replace the SETTINGSTRING with the one determined in step 1).
Configuring Common Authentication for QPR ProcessAnalyzer
The configuration file web.config in QPR ProcessAnalyzer Service is used for registering servers belonging to the common authentication server group. The servers can then share user sessions created for users.
To set up a common authentication server group:
- Create or change usernames in both the source and target QPR products, so that the usernames are identical in both products.
- Configure common authentication settings by adding the URL of the product where the linking is done from to the web.config file of the target product. For example, to link between QPR UI and QPR Portal, do as follows:
- Add three groups, ServerGroupPA, ServerGroupMD, and ServerGroupMEA, to the web.config file under <Qpr.ProcessAnalyzer.Common.Properties.Settings> section. Specify the QPR ProcessAnalyzer service URLs for ServerGroupPA, the QPR UI service URL(s) for ServerGroupMD, and the QPR Portal service URLs for ServerGroupMEA. See example below:
<setting name="ServerGroupPA" serializeAs="Xml"> <value> <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <string>http://pa1.qpr.com</string> <string>http://pa2.qpr.com</string> </ArrayOfString> </value> </setting> <setting name="ServerGroupMD" serializeAs="Xml"> <value> <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <string>http://UI:8080/EnticeServices/</string> </ArrayOfString> </value> </setting> <setting name="ServerGroupMEA" serializeAs="Xml"> <value> <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <string>http://qprsuite1.qpr.com/QPR/Portal/QPRIsapi.dll</string> <string>http://qprsuite2.qpr.com/QPR/Portal/QPRIsapi.dll</string> </ArrayOfString> </value> </setting>
Configuring Common Authentication for QPR Portal and QPR Web Service
- In QPR application server, open file C:\ProgramData\QPR Software\QPR 2017\2017.1\Servers\Settings\QPR_Servers.ini. (Note that you may have other version than QPR Suite 2017.)
- In section [UMS Settings] set EnableSSOForPortal=1 (if EnableSSOForPortal setting already exists, change it. If the setting doesn't exist, create it as a new line).
- If you need to add common authentication to QPR UI, in section [WAS Settings] add AuthenticationService_1=ENTICE,http://SERVERNAME:8080 (SERVERNAME is the name of QPR UI server that is used when accessing QPR UI). If you also need to add common authentication to QPR ProcessAnalyzer, add also AuthenticationService_2=PA,http://SERVERNAME as a new line. Note the increasing number in the setting name.
- Restart QPR Suite Windows service.
For more information, see the detailed instructions: http://kb.qpr.com/qpr2017-1/index.html?common_qpr_authentication.htm
Embed QPR Suite Portal in QPR UI
QPR Portal can be embedded into QPR UI using External Content presentation object. When setting its url (External Content URL field), add the following parameter to the url:
&xsession={#sys:sessionId}
When the session id is passed to QPR Portal, user is automatically authenticated to QPR Portal using the common authentication.