- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to establish a secure web socket connection (wss://) using Qlik Engine API ?
Hi everybody,
I have found a nice article describing how to consume Qlik Engine API by making use of Web Sockets.
http://sentienttidbits.blogspot.com.tr/2014/09/a-simple-websocket-client.html
This example is using Qlik Sense Dekstop so that it doesn't have to worry about authentication because in Desktop basically there is only one user that can use the API.
But how about using Qlik Sense Server's web socket layer? It sounds to me that we need to use wss:// and some sort of certificates for making API calls but couldn't find a way.
All I want to do is to authenticate a user first somehow in a custom client application (using ticketing or etc.) and then use this very same user to fetch Qlik App Data (based on the security level it has) to be used in this application.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And to answer your question a bit more clearly,
If your user already is authenticated, i.e a session cookie exists then supply that cookie in the http upgrade request and the socket will open.
If your is not authenticated and you use ticketing, supply ?qlikTicket=<ticket> value to your wss://server/app/<enginesession> connection. This will consume the ticket and send a Set-Cookie header back containing your session cookie.
Another concept to look out for is what we refer to as the whitelist.
In Qlik Sense QMC under your virtual proxy we have something called the origin whitelist. Everytime a websocket connection is established (well the http upgrade to be technical) we verify the origin of that request against the whitelist to determain if you should be granted access. So make sure whatever service you are building has it's origin listed in the whitelist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
any idea or answer ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you using .Net for your development? If so, have you tried using the Qlik Sense .Net SDK? With that SDK you can connect as NTLM user like this:
var location = Location.FromUri(new Uri(<my Uri>));
location.AsNtlmUserViaProxy();
using (var hub = location.Hub())
{
Console.WriteLine(hub.ProductVersion());
}
The documentation for the method can be found here: LocationExtensions.AsNtlmUserViaProxy Method
General information regarding getting started with the SDK can be found here: Qlik Sense .NET SDK ‒ Qlik Sense
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Øystein, thanks for the reply.
Actually, i want to build a platform-independent solution.
I am aware of the .NET SDK but in the future, I may require to use Java or Objective-C to build native mobile apps.
So, i basically need to establish a secure web socket connection with some socket clients that are based on these environments.
Recently, i have found a utility based on Javascript. it makes sense to use it and it is working as exactly as i want.
https://github.com/mindspank/qsocks
But i still need to find out how i can adapt this utility into a generic solution so that i can use it when building let's say an Android app. In the following days, i will be working on this subject and will update this topic when there is an applicable solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Ismail,
You can just use qsocks as a starting point, the architecture will be pretty similar regardless of language.
I have used jetty for Java in the past which worked ok as a websocket client.
You probably won't find something that is generic enough to cross-compile between platforms but the code architecture will look the same.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And to answer your question a bit more clearly,
If your user already is authenticated, i.e a session cookie exists then supply that cookie in the http upgrade request and the socket will open.
If your is not authenticated and you use ticketing, supply ?qlikTicket=<ticket> value to your wss://server/app/<enginesession> connection. This will consume the ticket and send a Set-Cookie header back containing your session cookie.
Another concept to look out for is what we refer to as the whitelist.
In Qlik Sense QMC under your virtual proxy we have something called the origin whitelist. Everytime a websocket connection is established (well the http upgrade to be technical) we verify the origin of that request against the whitelist to determain if you should be granted access. So make sure whatever service you are building has it's origin listed in the whitelist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Many thanks Alexander,
This is exactly what i need to hear to learn about the underlying mechanism. The key point for me is to get the current session or create a new one.
So, now i can use whatever technology i want to reach the same goal
Sincerely,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have implemented authentication, but still I am getting websocket connection failed error. If I whitelist my client host in virtual proxy, it works fine. Could you please let me know, what is that I am missing