Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-09 07:06 AM

JWT 401 unauthorized

Hi all,

i'm trying to login to qlik using a JWT token but when i try to post to https://horsadev.eu.qlikcloud.com/login/jwt-session with the the web integration id and the bearer token i get the following error.

LorisLombardo87_0-1715252504937.png

the token is made up like this:

LorisLombardo87_2-1715252675807.png

user details: name sub and email are the exactly like the console.

any idea of what can go wrong here?

 

thanks,

Loris

Labels (3)
Labels
1,280 Views
15 Replies
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-10 11:36 AM
Author

In response to alex_colombo

Hi Alex, Sure!

the http request is as follow:

 async jwtLogin(token: string) {
    const authHeader = `Bearer ${token}`;
    return await fetch(`https://${environment.QlikTenant}/login/jwt-session?qlik-web-integration-id=${environment.webIntegrationID}`, {
      credentials: 'include',
      mode: 'cors',
      method: 'POST',
      headers: {
        'Authorization': authHeader,
        'qlik-web-integration-id': environment.webIntegrationID,
        'Content-Type': 'application/json'
      },
    })
  }

 

the IdP configuration is very simple:
 

LorisLombardo87_0-1715355198808.png

issuer and keyid have been left blank at the moment of creation, the one you see have been automatically populated by the console, and are matching what's in the JWT.

 

thanks for the support,

Loris

393 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-13 05:30 AM

In response to LorisLombardo87

You don't need the webintegration id, mode:CORS and credential: include. Could you please remove them and try again. Also, try to compare my request with yours and di exactly the same, it should work.

370 Views
0 Likes
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-13 06:02 AM
Author

Thanks Alex, still the same. unfortunately.

can you please also double check if what MPC what suggesting a few comments earlier about the sub here  is correct ?

 

thanks

367 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-13 08:01 AM

In response to LorisLombardo87

You have to use the IdP subject.
I have just tried with Postam (I guess you are using Postman) and it works. The only thing that I see here is that there is something in the certificate which you are using for generate the token, maybe a mismatch between it and the private key set in IdP configuration in MC.

Could you please check this step in JWT configuration and check if you have remove any carriage returns or line feeds existing in the text?

354 Views
0 Likes
LorisLombardo87
Partner - Contributor III
Partner - Contributor III
‎2024-05-21 11:58 AM
Author

In response to alex_colombo

Hi Alex, we have decided to switch to SAML.

unfortunately all the suggestions have been ineffective.

 

299 Views
0 Likes
alex_colombo
Employee
Employee
‎2024-05-22 05:47 AM

I strongly reccomend to open a support case about this.

286 Views
0 Likes