Common QPR Authentication

Common authentication enables linking from one QPR Suite product to the other without the need of a separate login for the product that is the link target. When you are authenticated to one QPR Suite product, you are automatically authenticated all other QPR Suite products as well. It is possible to configure a common authentication between following QPR Suite products:

• QPR ProcessAnalyzer Web Service
• QPR ProcessAnalyzer Web Client
• QPR UI
• QPR Portal
• QPR Web Services

Common authentication works in a way that if there is a valid (non expired) session existing in any of the systems, sessions for the other systems are refreshed automatically without the need to login again. If all sessions have expired, there is a need to relogin. If a session has been expired, a valid session in other system is able to renew the expired session without notifying user.

Common authentication needs to be setup for each QPR Suite product according to the instructions described in this page.

In common authentication, "username" attribute is used to match user accounts between QPR products.

Configuring Common Authentication for QPR UI

There are two ways to configure common authentication for QPR UI:

1. During QPR UI installation using the installation wizard (for instructions see step 8 in Installing QPR UI)
2. After the installation to the database using SQL commands (instructions below)

To configure Common Authentication for QPR UI after the installation to the database using SQL, follow these instructions:

1. Determine the needed setting string. It uses following format: PRODUCTNAME,URL;PRODUCTNAME,URL;... where PRODUCTNAME is either WAS, WS or PA. Example:
   WAS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll;WS,http://SERVERNAME/QPR/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/;
   SERVERNAME is the name of the corresponding server.
2. Login to the QPR UI database in the SQL Server using SQL Server Management Studio.
3. Right click QPR UI database, select New Query, and define following query:
   SELECT VALUE_FIELD FROM [DATABASENAME].[dbo].[CONFIGURATIONENTITY] WHERE KEY_FIELD ='AUTHENTICATION_SERVICES';
   If the query returns a row, store the result for backup.
4. If the step 4 query didn't return anything, execute following query to make the setting change:
   INSERT INTO [DATABASENAME].[dbo].[CONFIGURATIONENTITY](KEY_FIELD,VALUE_FIELD) VALUES ('AUTHENTICATION_SERVICES', 'SETTINGSTRING');
   (replace the SETTINGSTRING with the one determined in step 1).
5. If the step 4 query returned a row, execute following query to make the setting change:
   UPDATE [DATABASENAME].[dbo].[CONFIGURATIONENTITY] SET VALUE_FIELD = 'SETTINGSTRING' WHERE KEY_FIELD = 'AUTHENTICATION_SERVICES';
   (replace the SETTINGSTRING with the one determined in step 1).

Configuring Common Authentication for QPR ProcessAnalyzer

The configuration file web.config in QPR ProcessAnalyzer Service is used for registering servers belonging to the common authentication server group. The servers can then share user sessions created for users.

To set up a common authentication server group:

1. Create or change usernames in both the source and target QPR products, so that the usernames are identical in both products.
2. Configure common authentication settings by adding the URL of the product where the linking is done from to the web.config file of the target product. For example, to link between QPR ProcessAnalyzer Web Client, QPR UI, and QPR Portal, do as follows:

• Add three groups, ServerGroupPA, ServerGroupMD, and ServerGroupMEA, to the web.config file under <Qpr.ProcessAnalyzer.Common.Properties.Settings> section. Specify the QPR ProcessAnalyzer service URLs for ServerGroupPA, the QPR UI service URL(s) for ServerGroupMD, and the QPR Portal service URLs for ServerGroupMEA. See example below:

<setting name="ServerGroupPA" serializeAs="Xml">
  <value>
    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <string>http://pa1.qpr.com</string>
      <string>http://pa2.qpr.com</string>
    </ArrayOfString>
  </value>
</setting>
<setting name="ServerGroupMD" serializeAs="Xml">
  <value>
    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <string>http://UI:8080/EnticeServices/</string>
    </ArrayOfString>
  </value>
</setting>
<setting name="ServerGroupMEA" serializeAs="Xml">
  <value>
    <ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <string>http://qprsuite1.qpr.com/QPR/Portal/QPRIsapi.dll</string>
      <string>http://qprsuite2.qpr.com/QPR/Portal/QPRIsapi.dll</string>
    </ArrayOfString>
  </value>
</setting>

Configuring Common Authentication for QPR Portal and QPR Web Services

1. In QPR server, open file C:\ProgramData\QPR Software\QPR 201X\201X.1\Servers\Settings\QPR_Servers.ini (where X is the QPR Suite version).
2. In section [UMS Settings] set EnableSSOForPortal=1 (if EnableSSOForPortal setting already exists, change it; if doesn't, create it as a new line).
3. If you need to add common authentication to QPR UI, in section [WAS Settings] add AuthenticationService_1=ENTICE,http://SERVERNAME:8080 (SERVERNAME is the name of QPR UI server that is used when accessing QPR UI). If you also need to add common authentication to QPR ProcessAnalyzer, add also AuthenticationService_2=PA,http://SERVERNAME as a new line. Note the increasing number in the setting name.
4. Restart QPR service.

For more information, see the detailed instructions: http://kb.qpr.com/qpr2016-1/index.html?common_qpr_authentication.htm

Embed QPR Suite Portal in QPR UI

QPR Portal can be embedded into QPR UI using External Content presentation object. When setting its url (External Content URL field), add the following parameter to the url:
&xsession={#sys:sessionId}

When the session id is passed to QPR Portal, user is automatically authenticated to QPR Portal using the common authentication.

Template:MDBSessionExpiration