https://community.qlik.com/t5/Integration-Extension-APIs/Issue-Loading-Qlik-Mashup-Resources-via-Okta-SSO-on-External/m-p/2520157#M22256 <P>&nbsp;</P> <P data-start="196" data-end="203">Hi all,</P> <P data-start="205" data-end="406">We are using <STRONG data-start="218" data-end="254">Qlik Sense Enterprise on Windows</STRONG>, and currently have a mashup hosted on <CODE data-start="294" data-end="318">devqlik.our-domain.com</CODE> which is in the same environment as our Qlik Sense deployment. Users successfully authenticate via <STRONG data-start="356" data-end="364">Okta</STRONG> and access the mashup without any issues.</P> <P data-start="408" data-end="595">Our current task is to integrate the same mashup into another portal hosted on a different domain — for example, <CODE data-start="521" data-end="542">external-portal.com</CODE>. We created a simple <CODE data-start="564" data-end="575">test.html</CODE> file that includes:</P> <P><LI-WRAPPER></LI-WRAPPER></P> <PRE class="overflow-visible!" data-start="597" data-end="715"><CODE class="whitespace-pre! language-html"><SPAN><SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">script</SPAN></SPAN> <SPAN class="hljs-attr">src</SPAN>=<SPAN class="hljs-string">"https://devqlik.our-domain.com/okta/resources/assets/external/requirejs/require.js"</SPAN>&gt;<SPAN class="hljs-tag">&lt;/<SPAN class="hljs-name">script</SPAN></SPAN>&gt;</SPAN></CODE></PRE> <P data-start="717" data-end="773">(other resources like</P> <DIV> <PRE><SPAN>qlik-styles.css</SPAN></PRE> </DIV> <P data-start="717" data-end="773">behind Okta are also referenced.)</P> <P data-start="775" data-end="1058">While we are logged into Okta in a separate browser tab, accessing <CODE data-start="842" data-end="873">external-portal.com/test.html</CODE> fails to load <CODE data-start="888" data-end="900">require.js</CODE> from <CODE data-start="906" data-end="930">devqlik.our-domain.com</CODE>. The browser DevTools show a <STRONG data-start="960" data-end="973">302 Found</STRONG> redirect to an Okta SSO endpoint (e.g., Location:&nbsp;<CODE data-start="1014" data-end="1056">...okta.com/.../sso/saml?SAMLRequest=...</CODE>).</P> <P data-start="1060" data-end="1207">This suggests the request is being redirected for authentication, despite the existing Okta session and valid cookies being present in the browser.</P> <P data-start="1209" data-end="1489"><STRONG data-start="1209" data-end="1222">Question:</STRONG><BR data-start="1222" data-end="1225" />Is this behavior expected? Could this be due to client-side cross-domain restrictions (e.g., third-party cookies or CORS), or is it likely a server-side configuration issue? Our back-end engineer mentioned that our host has been added to the list of allowed hosts.<BR /><BR /></P> <P data-start="1463" data-end="1486"><STRONG data-start="1463" data-end="1486">Additional context:</STRONG></P> <UL data-start="1487" data-end="1793"> <LI data-start="1487" data-end="1694"> <P data-start="1489" data-end="1694">This is the <STRONG data-start="1501" data-end="1516">first phase</STRONG> of our integration. The <STRONG data-start="1541" data-end="1555">final goal</STRONG> is to embed and load Qlik reports <STRONG data-start="1590" data-end="1643">seamlessly, without requiring Okta authentication</STRONG> — potentially via <STRONG data-start="1662" data-end="1693">ticket-based authentication</STRONG>.</P> </LI> <LI data-start="1695" data-end="1793"> <P data-start="1697" data-end="1793">The external portal (<CODE data-start="1718" data-end="1739">external-portal.com</CODE>) currently uses <STRONG data-start="1756" data-end="1768">Keycloak</STRONG> for user authentication.</P> </LI> </UL> <P data-start="1795" data-end="1994">I’d appreciate any guidance on whether this issue lies on the client or server side, and any suggestions for how to move toward a seamless integration using ticket authentication or other approaches.</P> <P data-start="1491" data-end="1556">Any insights or similar experiences would be greatly appreciated.</P> <P data-start="1558" data-end="1565">Thanks!</P> Wed, 04 Jun 2025 17:23:52 GMT Oleks 2025-06-04T17:23:52Z https://community.qlik.com/t5/Integration-Extension-APIs/Issue-Loading-Qlik-Mashup-Resources-via-Okta-SSO-on-External/m-p/2520157#M22256 <P>&nbsp;</P> <P data-start="196" data-end="203">Hi all,</P> <P data-start="205" data-end="406">We are using <STRONG data-start="218" data-end="254">Qlik Sense Enterprise on Windows</STRONG>, and currently have a mashup hosted on <CODE data-start="294" data-end="318">devqlik.our-domain.com</CODE> which is in the same environment as our Qlik Sense deployment. Users successfully authenticate via <STRONG data-start="356" data-end="364">Okta</STRONG> and access the mashup without any issues.</P> <P data-start="408" data-end="595">Our current task is to integrate the same mashup into another portal hosted on a different domain — for example, <CODE data-start="521" data-end="542">external-portal.com</CODE>. We created a simple <CODE data-start="564" data-end="575">test.html</CODE> file that includes:</P> <P><LI-WRAPPER></LI-WRAPPER></P> <PRE class="overflow-visible!" data-start="597" data-end="715"><CODE class="whitespace-pre! language-html"><SPAN><SPAN class="hljs-tag">&lt;<SPAN class="hljs-name">script</SPAN></SPAN> <SPAN class="hljs-attr">src</SPAN>=<SPAN class="hljs-string">"https://devqlik.our-domain.com/okta/resources/assets/external/requirejs/require.js"</SPAN>&gt;<SPAN class="hljs-tag">&lt;/<SPAN class="hljs-name">script</SPAN></SPAN>&gt;</SPAN></CODE></PRE> <P data-start="717" data-end="773">(other resources like</P> <DIV> <PRE><SPAN>qlik-styles.css</SPAN></PRE> </DIV> <P data-start="717" data-end="773">behind Okta are also referenced.)</P> <P data-start="775" data-end="1058">While we are logged into Okta in a separate browser tab, accessing <CODE data-start="842" data-end="873">external-portal.com/test.html</CODE> fails to load <CODE data-start="888" data-end="900">require.js</CODE> from <CODE data-start="906" data-end="930">devqlik.our-domain.com</CODE>. The browser DevTools show a <STRONG data-start="960" data-end="973">302 Found</STRONG> redirect to an Okta SSO endpoint (e.g., Location:&nbsp;<CODE data-start="1014" data-end="1056">...okta.com/.../sso/saml?SAMLRequest=...</CODE>).</P> <P data-start="1060" data-end="1207">This suggests the request is being redirected for authentication, despite the existing Okta session and valid cookies being present in the browser.</P> <P data-start="1209" data-end="1489"><STRONG data-start="1209" data-end="1222">Question:</STRONG><BR data-start="1222" data-end="1225" />Is this behavior expected? Could this be due to client-side cross-domain restrictions (e.g., third-party cookies or CORS), or is it likely a server-side configuration issue? Our back-end engineer mentioned that our host has been added to the list of allowed hosts.<BR /><BR /></P> <P data-start="1463" data-end="1486"><STRONG data-start="1463" data-end="1486">Additional context:</STRONG></P> <UL data-start="1487" data-end="1793"> <LI data-start="1487" data-end="1694"> <P data-start="1489" data-end="1694">This is the <STRONG data-start="1501" data-end="1516">first phase</STRONG> of our integration. The <STRONG data-start="1541" data-end="1555">final goal</STRONG> is to embed and load Qlik reports <STRONG data-start="1590" data-end="1643">seamlessly, without requiring Okta authentication</STRONG> — potentially via <STRONG data-start="1662" data-end="1693">ticket-based authentication</STRONG>.</P> </LI> <LI data-start="1695" data-end="1793"> <P data-start="1697" data-end="1793">The external portal (<CODE data-start="1718" data-end="1739">external-portal.com</CODE>) currently uses <STRONG data-start="1756" data-end="1768">Keycloak</STRONG> for user authentication.</P> </LI> </UL> <P data-start="1795" data-end="1994">I’d appreciate any guidance on whether this issue lies on the client or server side, and any suggestions for how to move toward a seamless integration using ticket authentication or other approaches.</P> <P data-start="1491" data-end="1556">Any insights or similar experiences would be greatly appreciated.</P> <P data-start="1558" data-end="1565">Thanks!</P> Wed, 04 Jun 2025 17:23:52 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Issue-Loading-Qlik-Mashup-Resources-via-Okta-SSO-on-External/m-p/2520157#M22256 Oleks 2025-06-04T17:23:52Z