Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-09 07:06 AM

JWT 401 unauthorized

Hi all,

i'm trying to login to qlik using a JWT token but when i try to post to https://horsadev.eu.qlikcloud.com/login/jwt-session with the the web integration id and the bearer token i get the following error.

LorisLombardo87_0-1715252504937.png

the token is made up like this:

LorisLombardo87_2-1715252675807.png

user details: name sub and email are the exactly like the console.

any idea of what can go wrong here?

 

thanks,

Loris

Labels (3)
Labels
903 Views
15 Replies
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-10 11:36 AM
Author

In response to alex_colombo

Hi Alex, Sure!

the http request is as follow:

 async jwtLogin(token: string) {
    const authHeader = `Bearer ${token}`;
    return await fetch(`https://${environment.QlikTenant}/login/jwt-session?qlik-web-integration-id=${environment.webIntegrationID}`, {
      credentials: 'include',
      mode: 'cors',
      method: 'POST',
      headers: {
        'Authorization': authHeader,
        'qlik-web-integration-id': environment.webIntegrationID,
        'Content-Type': 'application/json'
      },
    })
  }

 

the IdP configuration is very simple:
 

LorisLombardo87_0-1715355198808.png

issuer and keyid have been left blank at the moment of creation, the one you see have been automatically populated by the console, and are matching what's in the JWT.

 

thanks for the support,

Loris

264 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-13 05:30 AM

In response to LorisLombardo87

You don't need the webintegration id, mode:CORS and credential: include. Could you please remove them and try again. Also, try to compare my request with yours and di exactly the same, it should work.

241 Views
0 Likes
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-13 06:02 AM
Author

Thanks Alex, still the same. unfortunately.

can you please also double check if what MPC what suggesting a few comments earlier about the sub here  is correct ?

 

thanks

238 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-13 08:01 AM

In response to LorisLombardo87

You have to use the IdP subject.
I have just tried with Postam (I guess you are using Postman) and it works. The only thing that I see here is that there is something in the certificate which you are using for generate the token, maybe a mismatch between it and the private key set in IdP configuration in MC.

Could you please check this step in JWT configuration and check if you have remove any carriage returns or line feeds existing in the text?

225 Views
0 Likes
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-21 11:58 AM
Author

In response to alex_colombo

Hi Alex, we have decided to switch to SAML.

unfortunately all the suggestions have been ineffective.

 

170 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-22 05:47 AM

I strongly reccomend to open a support case about this.

157 Views
0 Likes