Difference between revisions of "Common QPR Authentication"

Latest revision as of 14:48, 28 June 2019

Common authentication enables linking from one QPR product to the other without the need of a separate login for the product that is the link target. When you are authenticated to one QPR product, you are automatically authenticated all other QPR products as well. It is possible to configure a common authentication between following QPR products:

QPR UI
QPR ProcessAnalyzer Web Service
QPR Suite Portal
QPR Suite Web Services

Common authentication works in a way that if there is a valid (non expired) session existing in any of the systems, sessions for the other systems are refreshed automatically without the need to login again. If all sessions have expired, there is a need to relogin. If a session has been expired, a valid session in other system is able to renew the expired session without notifying user.

Common authentication needs to be setup for each QPR product according to the instructions described in this page.

In common authentication, username attribute is used to match user accounts between QPR products.

Configuring Common Authentication for QPR ProcessAnalyzer

For QPR ProcessAnalyzer the common authentication is configured to the web.config file. Search the <Qpr.ProcessAnalyzer.Common.Properties.Settings> section in the file containing placeholders for the settings ServerGroupPA, ServerGroupMD and ServerGroupMEA. To create a common authentication group to QPR UI, define the QPR UI url to the ServerGroupMD setting. To create a common authentication group to QPR Suite, define the QPR Suite url to the ServerGroupMEA setting. The setting ServerGroupPA is for creating an authentication group to another QPR ProcessAnalyzer server.

In the following example, the SERVERNAME needs to be replaced with the name of the corresponding QPR server:

<setting name="ServerGroupMD" serializeAs="Xml">
  <value>
    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <string>http://SERVERNAME:8080/EnticeServices/</string>
    </ArrayOfString>
  </value>
</setting>
<setting name="ServerGroupMEA" serializeAs="Xml">
  <value>
    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <string>http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll</string>
    </ArrayOfString>
  </value>
</setting>

Configuring Common Authentication for QPR UI

To configure Common Authentication for QPR UI, follow these instructions:

Determine the needed setting string as follows: it uses format PRODUCTNAME,URL;PRODUCTNAME,URL;... where PRODUCTNAME is either WAS, WS or PA. Example:
```
PA,http://localhost/QPRPA/MainService.svc/webHttp/;WAS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll;WS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/;
```
SERVERNAME is the name of the corresponding server.
Login to the QPR UI database using SQL Server Management Studio.
Right click QPR UI database, select New Query, and define following query:
SELECT VALUE_FIELD FROM [DATABASENAME].[dbo].[CONFIGURATIONENTITY] WHERE KEY_FIELD ='AUTHENTICATION_SERVICES';
If the query returns a row, store the result for backup.
If the step 4 query didn't return anything, run the following:
INSERT INTO [DATABASENAME].[dbo].[CONFIGURATIONENTITY](KEY_FIELD,VALUE_FIELD) VALUES ('AUTHENTICATION_SERVICES', 'SETTINGSTRING');
(replace the SETTINGSTRING with the one determined in step 1).
If the step 4 query returned a row, run the following:
UPDATE [DATABASENAME].[dbo].[CONFIGURATIONENTITY] SET VALUE_FIELD = 'SETTINGSTRING' WHERE KEY_FIELD = 'AUTHENTICATION_SERVICES';
(replace the SETTINGSTRING with the one determined in step 1).

Configuring Common Authentication for QPR Suite Portal and QPR Suite Web Service

In the QPR application server, open file C:\ProgramData\QPR Software\QPR 2019\2019.1\Servers\Settings\QPR_Servers.ini. Note that you may have other version than QPR Suite 2019.
In the [UMS Settings] section, set EnableSSOForPortal=1 (if EnableSSOForPortal setting already exists, change the existing setting. If the setting doesn't exist, create it as a new).
If you are adding the common authentication to QPR UI, in the [WAS Settings] section, add
AuthenticationService_1=ENTICE,http://SERVERNAME:8080
SERVERNAME is the name of the QPR UI server that is used when accessing QPR UI (note that the url does not contain a path part, such as EnticeServices). If you also need to add common authentication to QPR ProcessAnalyzer, add
AuthenticationService_2=PA,http://SERVERNAME
as a new line. Also, increase the number in the setting name if AuthenticationService_1 is already used.
If using QPR Suite 2019.1 or later, check also that in the [WAS Settings] section, UseAuthenticationToken is set to 1.
If using QPR Suite 2019.1 or later, add the following line to the [WAS Settings] section:
AuthenticationService_1=WAS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll
It's important that the servername and protocol are same as defined in the HostScriptLocation setting (in the [WAS Settings] section). Also, increase the number in the setting name if AuthenticationService_1 and/or AuthenticationService_2 are already used. This setting is needed for the QPR Suite Web Service (WS) to use the common authentication to validate a session token from QPR Suite Web Application server (WAS).
Restart QPR Suite Windows service.

Embed QPR Suite Portal in QPR UI

QPR Suite Portal can be embedded into QPR UI using External Content presentation object. When setting QPR Suite Portal url (in the External Content URL field), add the following parameter to the url: &xsession=<#sys:sessionId>. When the session id is passed to the Suite QPR Portal, user is automatically authenticated to QPR Portal using the common authentication.

QPR UI Session Expiration

QPR UI user session will expire if there is no communication with the QPR UI server within the defined time, which is by for 2 hours. The default expiration timeout can be changed by adding or editing the SESSION_EXPIRATION_TIME value (in minutes) in the CONFIGURATIONENTITY table in QPR UI database configuration table.

If session in QPR Suite or QPR ProcessAnalyzer is still valid when QPR UI session has expired, QPR UI session is automatically renewed without the need to input credentials.

If federated authentication is in use, the user is redirected to the identity provider. Note that the session in the identity provider server may still be valid and thus there is not need to input credentials.

@@ Line 1: / Line 1: @@
-Common authentication enables linking from one QPR Suite product to the other without the need of a separate login for the product that is the link target. When you are authenticated to one QPR Suite product, you are automatically authenticated all other QPR Suite products as well. It is possible to configure a common authentication between following QPR Suite products:
+Common authentication enables linking from one QPR product to the other without the need of a separate login for the product that is the link target. When you are authenticated to one QPR product, you are automatically authenticated all other QPR products as well. It is possible to configure a common authentication between following QPR products:
+* QPR UI
 * QPR ProcessAnalyzer Web Service
-* QPR ProcessAnalyzer Web Client
+* QPR Suite Portal
-* QPR MobileDashboard
+* QPR Suite Web Services
-* QPR Portal
-* QPR Web Services
 Common authentication works in a way that if there is a valid (non expired) session existing in any of the systems, sessions for the other systems are refreshed automatically without the need to login again. If all sessions have expired, there is a need to relogin. If a session has been expired, a valid session in other system is able to renew the expired session without notifying user.
-Common authentication needs to be setup for each QPR Suite product according to the instructions described in this page.
+Common authentication needs to be setup for each QPR product according to the instructions described in this page.
-In common authentication, "username" attribute is used to match user accounts between QPR products.
+In common authentication, '''username''' attribute is used to match user accounts between QPR products.
 == Configuring Common Authentication for QPR ProcessAnalyzer ==
+For QPR ProcessAnalyzer the common authentication is configured to the [[Web.config_file_in_QPR_ProcessAnalyzer|'''web.config''']] file. Search the '''<Qpr.ProcessAnalyzer.Common.Properties.Settings>''' section in the file containing placeholders for the settings '''ServerGroupPA''', '''ServerGroupMD''' and '''ServerGroupMEA'''. To create a common authentication group to QPR UI, define the QPR UI url to the ServerGroupMD setting. To create a common authentication group to QPR Suite, define the QPR Suite url to the ServerGroupMEA setting. The setting ServerGroupPA is for creating an authentication group to another QPR ProcessAnalyzer server.
-The configuration file '''web.config''' in QPR ProcessAnalyzer Service is used for registering servers belonging to the common authentication server group. The servers can then share user sessions created for users.
+In the following example, the '''SERVERNAME''' needs to be replaced with the name of the corresponding QPR server:
-To set up a common authentication server group:
-#Create or change usernames in both the source and target QPR products, so that the usernames are identical in both products.
-#Configure common authentication settings by adding the URL of the product where the linking is done from to the web.config file of the target product. For example, to link between QPR ProcessAnalyzer Web Client, QPR MobileDashboard, and QPR Portal, do as follows:
-::*Add three groups, ServerGroupPA, ServerGroupMD, and ServerGroupMEA, to the web.config file under <Qpr.ProcessAnalyzer.Common.Properties.Settings> section. Specify the QPR ProcessAnalyzer service URLs for ServerGroupPA, the QPR MobileDashboard service URL(s) for ServerGroupMD, and the QPR Portal service URLs for ServerGroupMEA. See example below:
 <pre>
-            <setting name="ServerGroupPA" serializeAs="Xml">
+<setting name="ServerGroupMD" serializeAs="Xml">
-                <value>
+  <value>
-                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+      <string>http://SERVERNAME:8080/EnticeServices/</string>
-                        <string>http://pa1.qpr.com</string>
+    </ArrayOfString>
-                        <string>http://pa2.qpr.com</string>
+  </value>
-                    </ArrayOfString>
+</setting>
-                </value>
+<setting name="ServerGroupMEA" serializeAs="Xml">
-            </setting>
+  <value>
-            <setting name="ServerGroupMD" serializeAs="Xml">
+    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-                <value>
+      <string>http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll</string>
-                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    </ArrayOfString>
-                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  </value>
-                        <string>http://mobiledashboard:8080/EnticeServices/</string>
+</setting>
-                    </ArrayOfString>
-                </value>
-            </setting>
-            <setting name="ServerGroupMEA" serializeAs="Xml">
-                <value>
-                    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-                        <string>http://mea1.qpr.com/QPR/Portal/QPRIsapi.dll</string>
-                        <string>http://mea2.qpr.com/QPR/Portal/QPRIsapi.dll</string>
-                    </ArrayOfString>
-                </value>
-            </setting>
 </pre>
-== Configuring Common Authentication for QPR MobileDashboard ==
+== Configuring Common Authentication for QPR UI ==
+To configure Common Authentication for QPR UI, follow these instructions:
-There are two ways to configure common authentication for QPR MobileDashboard:
+# Determine the needed setting string as follows: it uses format PRODUCTNAME,URL;PRODUCTNAME,URL;... where PRODUCTNAME is either '''WAS''', '''WS''' or '''PA'''. Example:<pre><nowiki>PA,http://localhost/QPRPA/MainService.svc/webHttp/;WAS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll;WS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/;</nowiki></pre> SERVERNAME is the name of the corresponding server.
-# During QPR MobileDashboard installation using the installation wizard (for instructions see step 8 in [[Installing QPR MobileDashboard]])
+# Login to the QPR UI database using '''SQL Server Management Studio'''.
-# After the installation to the database using SQL commands (instructions below)
+# Right click QPR UI database, select '''New Query''', and define following query:<br />'''SELECT VALUE_FIELD FROM [DATABASENAME].[dbo].[CONFIGURATIONENTITY] WHERE KEY_FIELD ='AUTHENTICATION_SERVICES';'''<br />If the query returns a row, store the result for backup.
+# If the step 4 query didn't return anything, run the following:<br />'''INSERT INTO [DATABASENAME].[dbo].[CONFIGURATIONENTITY](KEY_FIELD,VALUE_FIELD) VALUES ('AUTHENTICATION_SERVICES', 'SETTINGSTRING');'''<br />(replace the SETTINGSTRING with the one determined in step 1).
-To configure Common Authentication for QPR MobileDashboard after the installation to the database using SQL, follow these instructions:
+# If the step 4 query returned a row, run the following:<br />'''UPDATE [DATABASENAME].[dbo].[CONFIGURATIONENTITY] SET VALUE_FIELD = 'SETTINGSTRING' WHERE KEY_FIELD = 'AUTHENTICATION_SERVICES';'''<br />(replace the SETTINGSTRING with the one determined in step 1).
-# Determine the needed setting string. It uses following format: PRODUCTNAME,URL;PRODUCTNAME,URL;... where PRODUCTNAME is either WAS, WS or PA. Example:<br />'''<nowiki>WAS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll;WS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/;</nowiki>'''<br /> SERVERNAME is the name of the corresponding server.
-# Login to the QPR MobileDashboard database in the SQL Server using SQL Server Management Studio.
-# Right click QPR MobileDashboard database, select '''New Query''', and define following query:<br />'''SELECT VALUE_FIELD FROM [DATABASENAME].[dbo].[CONFIGURATIONENTITY] WHERE KEY_FIELD ='AUTHENTICATION_SERVICES';'''<br />If the query returns a row, store the result for backup.
-# If the step 4 query didn't return anything, execute following query to make the setting change:<br />'''INSERT INTO [DATABASENAME].[dbo].[CONFIGURATIONENTITY](KEY_FIELD,VALUE_FIELD) VALUES ('AUTHENTICATION_SERVICES', 'SETTINGSTRING');'''<br />(replace the SETTINGSTRING with the one determined in step 1).
-# If the step 4 query returned a row, execute following query to make the setting change:<br />'''UPDATE [DATABASENAME].[dbo].[CONFIGURATIONENTITY] SET VALUE_FIELD = 'SETTINGSTRING' WHERE KEY_FIELD = 'AUTHENTICATION_SERVICES';'''<br />(replace the SETTINGSTRING with the one determined in step 1).
-== Configuring Common Authentication for QPR Portal and QPR Web Services ==
-# In QPR server, open file '''C:\ProgramData\QPR Software\QPR 201X\201X.1\Servers\Settings\QPR_Servers.ini''' (where X is the QPR Suite version).
-# In section '''[UMS Settings]''' set '''EnableSSOForPortal=1''' (if EnableSSOForPortal setting already exists, change it; if doesn't, create it as a new line).
-# If you need to add common authentication to QPR MobileDashboard, in section '''[WAS Settings]''' add '''<nowiki>AuthenticationService_1=ENTICE,http://SERVERNAME:8080</nowiki>''' (SERVERNAME is the name of QPR MobileDashboard server that is used when accessing QPR MobileDashboard). If you also need to add common authentication to QPR ProcessAnalyzer, add also '''<nowiki>AuthenticationService_2=PA,http://SERVERNAME</nowiki>''' as a new line. Note the increasing number in the setting name.
-# Restart QPR service.
-For more information, see the detailed instructions: http://kb.qpr.com/qpr2016-1/index.html?common_qpr_authentication.htm
-== Linking between QPR Products ==
-Common QPR authentication enables opening links, such as QPR ProcessAnalyzer reports in QPR Portal, without additional authentication.
-=== QPR ProcessAnalyzer in QPR Portal ===
-To view an analysis created with QPR ProcessAnalyzer in QPR Portal, do as follows:
-# In QPR ProcessAnalyzer Excel Client, open the analysis you want to view.
-# To save the current analysis view as a bookmark, click the [[File:Portal Bookmarks.png|bottom]]'''Bookmark''' button, select '''New Bookmark''' and in the Bookmark Properties dialog that opens, click '''OK'''.
-# Find out the '''Id''' of the bookmark you just created by opening the [[Bookmark|Bookmark Properties dialog]] for the bookmark you created and see the Id in the '''Statistics''' group of that dialog.<br/>Optionally, in [[Manage Bookmarks|Manage Bookmarks dialog]], right click a column title, select '''Column Chooser''' from the popup and drag the Id column to the table.
-# In QPR Portal, create a new bookmark. Paste the bookmark Id to the end of a URL that is formatted as follows:<br/>'''<nowiki>http://<QPR ProcessAnalyzer server>/#bookmark=<bookmark id>&ui=1&XSESSION={#sys:sessionId}</nowiki><br/>'''Do not make changes to the {#sys:sessionId} tag, just copy it exactly like it is written above.<br/>For example: <nowiki>http://pa.qpr.com/#bookmark=1&ui=1&XSESSION={#sys:sessionId}</nowiki>.<br/>Note that using the "&ui" parameter with the value "1" will open the bookmark in [[Full Screen Mode]] inside the web page it was embedded in.
-# In QPR Portal, open the bookmark you created in the previous step and you will see the analysis without additional authentication.
-=== QPR ProcessAnalyzer in QPR MobileDashboard ===
+== Configuring Common Authentication for QPR Suite Portal and QPR Suite Web Service ==
-To view an analysis created with QPR ProcessAnalyzer in QPR MobileDashboard, do as follows:
+# In the QPR application server, open file '''C:\ProgramData\QPR Software\QPR 2019\2019.1\Servers\Settings\QPR_Servers.ini'''. Note that you may have other version than QPR Suite 2019.
-# In QPR ProcessAnalyzer Excel Client, open the analysis you want to view.
+# In the '''[UMS Settings]''' section, set '''EnableSSOForPortal=1''' (if EnableSSOForPortal setting already exists, change the existing setting. If the setting doesn't exist, create it as a new).
-# To save the current analysis view as a bookmark, click the [[File:Portal Bookmarks.png|bottom]]'''Bookmark''' button, select '''New Bookmark''' and in the Bookmark Properties dialog that opens, click '''OK'''.
+# If you are adding the common authentication to QPR UI, in the '''[WAS Settings]''' section, add <br> '''<nowiki>AuthenticationService_1=ENTICE,http://SERVERNAME:8080</nowiki>''' <br> SERVERNAME is the name of the QPR UI server that is used when accessing QPR UI (note that the url does not contain a path part, such as ''EnticeServices''). If you also need to add common authentication to QPR ProcessAnalyzer, add<br>'''<nowiki>AuthenticationService_2=PA,http://SERVERNAME</nowiki>'''<br>as a new line. Also, increase the number in the setting name if AuthenticationService_1 is already used.
-# Find out the '''Id''' of the bookmark you just created by opening the [[Bookmark|Bookmark Properties dialog]] for the bookmark you created and see the Id in the '''Statistics''' group of that dialog.<br/>Optionally, in [[Manage Bookmarks|Manage Bookmarks dialog]], right click a column title, select '''Column Chooser''' from the popup and drag the Id column to the table.
+# If using QPR Suite 2019.1 or later, check also that in the '''[WAS Settings]''' section, '''UseAuthenticationToken''' is set to '''1'''.
-# In QPR MobileDashboard, add a new External Content presentation object to the view, and define its URL as:<br/>'''<nowiki>http://<QPR ProcessAnalyzer server>/#bookmark=<bookmark id>&ui=1&XSESSION={#sys:sessionId}</nowiki>'''<br/>Do not make changes to the {#sys:sessionId} tag, just copy it exactly like it is written above.<br/>For example: <nowiki>http://pa.qpr.com/#bookmark=1&ui=1&XSESSION={#sys:sessionId}</nowiki>.<br/>Note that using the "&ui" parameter with the value "1" will open the bookmark in [[Full Screen Mode]] inside the web page it was embedded in.
+# If using QPR Suite 2019.1 or later, add the following line to the '''[WAS Settings]''' section:<br>'''<nowiki>AuthenticationService_1=WAS,http://SERVERNAME/QPR2019-1/Portal/QPR.Isapi.dll</nowiki>'''<br>It's important that the servername and protocol are same as defined in the '''HostScriptLocation''' setting (in the [WAS Settings] section). Also, increase the number in the setting name if AuthenticationService_1 and/or AuthenticationService_2 are already used. This setting is needed for the QPR Suite Web Service (WS) to use the common authentication to validate a session token from QPR Suite Web Application server (WAS).
+# Restart QPR Suite Windows service.
-Note: you can also show tabular QPR ProcessAnalyzer analyses in QPR MobileDashboard by using the Table presentation object.
+== Embed QPR Suite Portal in QPR UI ==
+QPR Suite Portal can be embedded into QPR UI using [[External Content Properties|External Content]] presentation object. When setting QPR Suite Portal url (in the '''External Content URL''' field), add the following parameter to the url: '''&xsession=<#sys:sessionId>'''. When the session id is passed to the Suite QPR Portal, user is automatically authenticated to QPR Portal using the common authentication.
-=== QPR Portal in QPR MobileDashboard ===
+== QPR UI Session Expiration ==
-QPR Portal can be embedded into QPR MobileDashboard using [[External Content Properties|External Content]] presentation object. When setting its url ('''External Content URL''' field), add the following parameter to the url:<br />
+QPR UI user session will expire if there is no communication with the QPR UI server within the defined time, which is by for 2 hours. The default expiration timeout can be changed by adding or editing the '''SESSION_EXPIRATION_TIME''' value (in minutes) in the '''CONFIGURATIONENTITY''' table in [[QPR UI System Settings|QPR UI database configuration table]].
-'''&xsession={#sys:sessionId}'''
-When the session id is passed to QPR Portal, user is automatically authenticated to QPR Portal using the common authentication.
+If session in QPR Suite or QPR ProcessAnalyzer is still valid when QPR UI session has expired, QPR UI session is automatically renewed without the need to input credentials.
-{{MDBSessionExpiration}}
+If federated authentication is in use, the user is redirected to the identity provider. Note that the session in the identity provider server may still be valid and thus there is not need to input credentials.
-[[Category: QPR MobileDashboard]]
+[[Category: QPR UI]]