We are trying to create a websocket connection using Enigma from our frontend web application to our Qlik Sense Enterprise Nov 2024. Before upgrading we had QSE May 2023 Patch 19 and then it worked.
QSE and web application are on different domains. Authentication worked by acquiring a login url via the websocket session, and redirecting the user to get a ticket.
The Virtual proxy is configured to use OIDC as authentication method.
We found the following article explaining that a CSRF token is now required to establish an enigma connection. However, we can't find a way to retrieve the CSRF token from a pure frontend application.
Is there any way to establish an enigma connection without the CSRF token, or is there any way to retrieve the CSRF token without access to a backend server?
Qlik Sense Enterprise on Windows: Extended WebSock... - Qlik Community - 2509211
We have added the response headers
Access-Control-Allow-Origin: https://qse.ourdomain.com,https://ourwebapp.webdomain.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: qlik-csrf-token
We have added ourwebapp.webdomain.com to the white list
Hey @jan_gunnars, you have to use the QPS API to get the CSRF token for the current proxy session. Assuming that you are already authenticated, this is how to get a CSRF token and attach it to the websocket URL.
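  // Node.js snippet: run inside an async function.
  // `config` and `xQlikCookie` (the proxy session cookie) are defined by the caller.
  const axios = require('axios');
  const WebSocket = require('ws');
  const enigma = require('enigma.js');
  const schema = require('enigma.js/schemas/12.20.0.json');

  // Ask the proxy for the CSRF token bound to the current session
  const csrfToken = await axios.get(`https://${config.host}${config.virtualProxy}/qps/csrftoken`, {
    headers: {
      'Cookie': xQlikCookie
    }
  });
  // console.log("csrfToken: ", csrfToken.headers['qlik-csrf-token']);

  // Create an enigma session
  const session = enigma.create({
    schema,
    url: `wss://${config.host}${config.virtualProxy}/app/${config.appId}?qlik-csrf-token=${csrfToken.headers['qlik-csrf-token']}`,
    createSocket: (url) => new WebSocket(url, {
      headers: {
        'Cookie': xQlikCookie // Use it for all your websockets
      },
    }),
  });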
Thank you for the reply, the suggested solution requires that we are already authenticated but this is not the case. Currently, we are redirecting the user to the login URL acquired as a response from the websocket connection. Now we are blocked immediately when we try to connect to the websocket.
What I would do is request a different Qlik resource to trigger authentication. You can get a static image (https://_qlikServer_/content/Default/Qlik_default_orange.png), or call a simple API (https://_qlikServer_/qrs/about) to receive the login URL as the response. This way users should be able to authenticate, and then you can get the CSRF token.
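Added example, not part of any post in this thread: a browser-side sketch of the token step once the user has a proxy session, using the `/qps/csrftoken` path, the `qlik-csrf-token` header and the query parameter shown in the reply above. The function names, the injectable `fetchImpl`, and the treatment of 401/403 as "not authenticated" are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not Qlik or enigma.js APIs.
const CSRF_HEADER = 'qlik-csrf-token';

// Interpret the /qps/csrftoken response without touching the network.
function classifyTokenResponse(status, headerValue) {
  // Assumption: the proxy answers 401/403 when there is no valid session.
  if (status === 401 || status === 403) return { state: 'unauthenticated' };
  if (status < 200 || status > 299) return { state: 'error', detail: `HTTP ${status}` };
  // A cross-origin script can read this header only when the server lists it
  // in Access-Control-Expose-Headers; otherwise headers.get() returns null.
  if (!headerValue) return { state: 'error', detail: `${CSRF_HEADER} header not readable` };
  return { state: 'ok', token: headerValue };
}

async function getCsrfToken(host, virtualProxy, fetchImpl = fetch) {
  let res;
  try {
    res = await fetchImpl(`https://${host}${virtualProxy}/qps/csrftoken`, {
      credentials: 'include', // send the existing session cookie cross-origin
    });
  } catch (err) {
    // In a browser, a response rejected by CORS checks surfaces here as a rejection.
    return { state: 'blocked', detail: String(err) };
  }
  return classifyTokenResponse(res.status, res.headers.get(CSRF_HEADER));
}

// Build the engine URL; the token is percent-encoded so it cannot add
// or alter other query parameters.
function buildEngineUrl(host, virtualProxy, appId, token) {
  const url = new URL(`wss://${host}${virtualProxy}/app/${encodeURIComponent(appId)}`);
  url.searchParams.set(CSRF_HEADER, token);
  return url.toString();
}
```

In a browser the resulting URL is passed as `url` to `enigma.create`; the session cookie travels with the WebSocket handshake automatically, so no `createSocket` header override is needed there.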