Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication

Sonja_Bauernfeind — Tue, 23 Feb 2021 09:05:33 GMT

This describes how to modify REST connections for Monitoring Apps to use JWT authentication.
This is useful when Windows authentication cannot be used, for example, if Kerberos is enabled on the proxy service, Windows authentication will fail as the REST connector does not support Kerberos.

Environments:

Qlik Sense Enterprise for Windows June 2018 and later

Step 1: First of all, a virtual proxy with JWT authentication needs to be set up.
Please refer to below article for the setup:
Qlik Sense: How to set up JWT authentication

Step 2: Then a JWT token needs to be generated, it can be generated with custom code, or by using directly the debugger on jwt.io.
This is as well described in the above article.
The JWT token needs to be issued to a user that is a RootAdmin in Qlik Sense.

Warning: JWTs are credentials, which can grant access to resources. Be careful that your security rules are correctly set so that other users do not have "Update" rights on the monitoring apps REST connection where you have pasted your JWT token.

Example of JWT token:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJBZG1pbmlzdHJhdG9yIiwidXNlckRpcmVjdG9yeSI6IkRPTUFJTiIsImV4cCI6MTU5MDc1ODg0N30.eEgQ8WLL3dLxmjuDcxaCig9CKKXd0HVgnOH6CG0qGYyA_uhKChSFyZwDF7w5R0MpquBviipEt-lMLr4rwxP5xJ8KN01HATbJK0UHrBWx_RUiEeItkDtALNn-Iq5JdEqk6UjNN0VH8UrRdU01k1jguIQNYCILvpS_klcTkbWc0_Qd_PkH3zf_96FNGRM-h3M2alHYEytGW2Tl46K-hp3jDLWViICANPWgJHwlIqeuA8o8Ejbg0UzGy3OKpiKpzDF07zPcwPIqNEAr3B-gfVEiO1KqtapWJhQqecxCH2WvucDc9zHimhPNCLmi4RQ4oeaG0iaYTEtBtkbJDGY8eYf7Hw

PAYLOAD:

{ "userId": "Administrator", "userDirectory": "DOMAIN", "exp":1590758847 }

Step 3: Modify each of the REST connection:

Before

CUSTOM CONNECT TO "provider=QvRestConnector.exe;url=https://localhost/qrs/app/full;timeout=900;method=GET;autoDetectResponseType=true;keyGenerationStrategy=0;authSchema=ntlm;skipServerCertificateValidation=true;useCertificate=No;certificateStoreLocation=LocalMachine;certificateStoreName=My;trustedLocations=qrs-proxy%2https://localhost:4244;queryParameters=xrfkey%20000000000000000;addMissingQueryParametersToFinalRequest=false;queryHeaders=X-Qlik-XrfKey%20000000000000000%1User-Agent%2Windows;PaginationType=None;"

After:

CUSTOM CONNECT TO "provider=QvRestConnector.exe;url=https://localhost/jwt/qrs/app/full;timeout=900;method=GET;autoDetectResponseType=true;keyGenerationStrategy=0;authSchema=anonymous;skipServerCertificateValidation=true;useCertificate=No;certificateStoreLocation=LocalMachine;certificateStoreName=My;trustedLocations=qrs-proxy%2https://localhost:4244;queryParameters=xrfkey%20000000000000000;addMissingQueryParametersToFinalRequest=false;queryHeaders=X-Qlik-XrfKey%20000000000000000%1Authorization%2Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJBZG1pbmlzdHJhdG9yIiwidXNlckRpcmVjdG9yeSI6IkRPTUFJTiJ9.kimatrXjNq_O765XOgfOs4XgZLLObtv50rnexT2IvxxPGTdhzxabcsp0Dg0MMRkH_Rzs129dnY_Ec5guIYqJYItbe_azm7adKsCFfO2pEF9qLY7dLp25WB3EQwk0VKxp7pC-sEMydSHME1EdWjCe24pISJco-N2-3yGCFb9uAgu2Q86jq41KRb-To4XOCLxiLWYCe1YJc0wa86F4Yzs4ryflauYevQT9UeE3gYJBHadrocAVFM2D6is5rmGnjfRzVQFY-jxLBccRNOSpfhNnvPZ56CpzkMAR93Abf-Uobda8GYyMdkVoQLxRFYP7r7mLbGaamCwUIApcHtUc7b3LEg;PaginationType=None;"

article Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication in Official Support Articles

Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication