Hi. Good afternoon.

We are using Authentication Headers combined to Share/Embed Qlik objects inside an iFrame.  Do to so we implemented a inverse proxy (Java Servlet) which we tested against multiple standard and web-socket test pages in the internet.

Reference: https://help.qlik.com/en-US/sense-developer/May2022/Subsystems/Platform/Content/Sense_PlatformOvervi...

When we execute the link generated by the HUB in one tab we get the following error after 3 transactions in the websocket:

code: 403, parameter: "Object read error.", message: "Forbidden"

and also the "Access is denied" error in the browser.

Of course, if I access the hub (a direct link in the browser with standard authentication instead of header authentication) with the same user we set in the authentication header, it works perfectly without any error.

Please find all the transactions, including the web socket ones in the attached zip containing a HAR file. 

We've tried with many different directories (windows domain, SAML, and others) without success. The Windows domain one works fine (we can see the rendered object in the browser) but it can't be used in production since our users will not be in the Windows Directory. 

We generated a a new Qlik Proxy (hdr) for this subject, configured to Header Authentication.

We suspect that it could be a misconfiguration at Qlik side but we don't know how to proceed. We don't see any particular error in the logs at Qlik side.

Many thanks for any help on the subject and also don't hesitate in asking any further question.