Skip to main content

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
QlikWorld 2023, a live, in-person thrill ride. Save $300 before February 6: REGISTER NOW!
cancel
Showing results for 
Search instead for 
Did you mean: 
celindho
Partner - Creator
Partner - Creator

Reverse proxy with custom authentication module - problem with TargetURI

Hi,

I have a Qlik Sense environment with IIS reverse proxy and a custom authentication (ticketing) module. The problem is that the TargetId (and thus TargetURI) that Qlik Sense provides to the authentication module uses the URL that the IIS reverse proxy uses to access Qlik Sense and not the URL that the end user uses when accessing the IIS reverse proxy.

Any ideas how to configure the reverse proxy setup so that the ticketing works correctly?

e.g. the user accesses the reverse proxy using “https://reverse.proxy.company.com/hub” which passes the request to Qlik Sense at the address “http://sense.internal:8080/reverse/hub”. The request is then forwarded to the authentication module at “https://authentication.company.com” with a TargetId corresponding to a TargetURI of “http://sense.internal:8080/reverse/hub”. When the user has authenticated a redirect is sent to the TargetURI which obviously is not accessible for the end user.

BR,

-Christian

6 Replies
Not applicable

Dear Christian,

did you manage to solve this issue ?

Best regards,

Karl

celindho
Partner - Creator
Partner - Creator
Author

No, we did not manage to solve this in a pretty way. We bult a URL rewrite into the auth module. Not nice, but got the job done.

Not applicable

We are also dealing with problem and are missing a good solution!

patrickdoerr
Contributor
Contributor

Same issue as mentioned. Changed our reverse proxy functionality to bigip (f5 waf) - and now the targetId references to the internal server address.

Could not find any difference in the initial GET request from browser (cookies, header, parameters etc.).

Any news about this? Could not find anything how QlikSense is generating the targetID.

 

Damien_Villaret
Support
Support

From Qlik Sense November 2018, you can set the "X-Forwarded-Host" header (you can set in your reverse proxy rules to set this header on all requests) to the reverse proxy url so that the targetURI is built correctly. 

For previous versions, I am afraid you will need to build the URI in your authentication module code as you have already done.

 

https://qliksupport.force.com/articles/000060728

If the issue is solved please mark the answer with Accept as Solution.
patrickdoerr
Contributor
Contributor

Thanks for your help!

Got it already working by setting the "Host"-header static to public DNS in our reverse proxy.

We did some debugging with proxy logs (debug level on), and could identify this header as the problem.

Sadly my last post here with the solution got lost.. 😞

We will try the "X-Forwarded-Host" too, because it seems like the better solution instead of rewriting a existing header.

 

Kind regards

Patrick Doerr