Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
See what Drew Clarke has to say about the Qlik Talend Cloud launch! READ THE BLOG
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
eva_bornaccini
Contributor
Contributor
‎2022-06-09 07:08 AM

Issue in retrieve data from Qliksense from a third-party system

A virtual proxy was created on our QlikSense enterprise multi-node environment by selecting the OIDC authentication method.
These are the main data used to configure virtual-the proxy:
- Prefix: 'sso'
- Session cookie header name: 'X-Qlik-Session-sso'
- OIDC Metadata URI: 'https://sts-dev.fiat.com/adfs/.well-known/openid-configuration'
The configuration works correctly, if an user open sense-test.maserati.com/sso, he is redirected to sts-dev.fiat.com (based on ADFS) and after entering his credentials he is redirected again to sense-test.maserati.com/sso, resulting authenticated and authorized.
Following this communication exchange, Qlik returns the 'X-Qlik-Session-sso' cookie in response, which allows the user to remain in session.
We now need to retrieve data from Qlik from a third-party system, accessing via WebSocket.
Getting the access_token from ADFS, what is the way to open a WebSocket by authenticating the relative user?
We tried to pass the {Authorization}={Bearer xxx} header in the request but the connection to the WebSocket is always blocked and the session is suspended, returning the code 1006.
Is there any change to get the X-Qlik-Session-sso exchanging it with the access_token retrieved from ADFS?

We have already asked to Qlik support that told us that to access Qlik via WebSocket we will need to use a separate virtual proxy with jwt authentication.
But..Is there the possibility to combine it with the current virtual proxy using OIDC authentication?
Hope someone can help 🙂
thanks in advance
Eva

Labels (3)
Labels
380 Views
0 Likes
1 Solution

Accepted Solutions
alex_colombo
Employee
Employee
‎2022-11-10 06:01 AM

Hi @eva_bornaccini , if you are working on client side, you could follow the same path as your virtual proxy is doing, but from your code.

As first step you could fetch a static content from Qlik Server pointing to your sso VP, such as

const connectResponse = await fetch(`https://_yourQlikServerHostName_/sso/content/Default/Qlik_default_orange.png`, {
  credentials: "include"
});

From the header response you should have the new location for redirect the user to the login page. Take this url and redirect the user.

const connectResponse = await fetch(`https://_yourQlikServerHostName_/sso/content/Default/Qlik_default_orange.png`, {
  credentials: "include"
});
if (connectResponse.status !== 200) {
  const loginUrl = new URL(`_yourRedirectUrl`);
  loginUrl.searchParams.append("returnto", window.location.href);
  window.location.href = loginUrl;
}

User will insert the credential, you will have your cookie and user will be redirected to your web site. Then, your fetch request to static content will result as 200 ok and then you can open the webSocket.

View solution in original post

209 Views
0 Likes
1 Reply
alex_colombo
Employee
Employee
‎2022-11-10 06:01 AM

Hi @eva_bornaccini , if you are working on client side, you could follow the same path as your virtual proxy is doing, but from your code.

As first step you could fetch a static content from Qlik Server pointing to your sso VP, such as

const connectResponse = await fetch(`https://_yourQlikServerHostName_/sso/content/Default/Qlik_default_orange.png`, {
  credentials: "include"
});

From the header response you should have the new location for redirect the user to the login page. Take this url and redirect the user.

const connectResponse = await fetch(`https://_yourQlikServerHostName_/sso/content/Default/Qlik_default_orange.png`, {
  credentials: "include"
});
if (connectResponse.status !== 200) {
  const loginUrl = new URL(`_yourRedirectUrl`);
  loginUrl.searchParams.append("returnto", window.location.href);
  window.location.href = loginUrl;
}

User will insert the credential, you will have your cookie and user will be redirected to your web site. Then, your fetch request to static content will result as 200 ok and then you can open the webSocket.

210 Views
0 Likes