I implemented the ticket based authentication solution. I added proxy so that the user will be redirected to login page instead of default windows authentication. I updated authentication module redirect URI. I can see the redirection working and see no problem with basic authentication.
However, the behavior when auth cookie expires isn't consistent with normal expectation. Let's say, I am on sheet 2 of an app and the auth cookie expires, the redirection URL (ProxyRestURI) is expected to be the URI where eventually I could be redirected so that there's now need to navigate again to the app and desired sheet.
Currently, it redirects me to the hub page "always". ProxyRestURI should ideally be the same URI as the page where he was prompted to login.
P.S : We created executive dashboard that is displayed 24x7 on monitors. The time out and more importantly the redirection back to hub instead of the desired sheet is deteriorating the experience.
The proxyRestUri should never do what you're requesting; that's not its purpose. The proxy service (which is what issues the tickets) is completely separate from the virtual proxy ("sso") that you've setup for people to use Qlik Sense. What it appears you are saying is that the "targetId" parameter you receive is not representing a URL that the end-user could use to get back to the spot they were before they were logged out.
Your code is expected to use proxyRestUri as a base URL to get to the "ticket" endpoint to request an authentication ticket. In that request, you're required to supply the value of the "targetId" parameter you received. That "targetId" is expected to represent the URL that the browser was trying to get to when it got sent to your code to (re)authenticate.
When you successfully get a ticket back from the QPS authentication API (proxyRestUri), the "TargetId" will be replaced with a "TargetUri". And you complete the process by redirecting the browser to "TargetUri", adding in the supplied "Ticket".
I am having the same issue here. We built a custom login page, that works with taking you to the hub but if I wanted to send someone a link to a mashup url for example and they are not authenticated, they will get taken to the login page and then the hub. The user would then have to paste the mashup url again to get to the mashup.
By default qlik does this well. Send someone a url, they login, and they are taken to the requested url. However, with a custom login page you end up at the hub instead of the page requested.