Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
dewan_abdullah
Partner - Contributor III
Partner - Contributor III
‎2020-03-18 01:01 PM

Qlik sense websockets & using 3rd party software for authentication, access and single sign-on

Hello everyone, 

We're trying to access Qlik sense from external network through another server that has a published ip (redirects to the Qlik sense server) but this public ip is only accessible through a 3rd party software (iDenProtect) which does authentication, access and single sign on. The hub and the app are working fine but get stuck on the loading screen. 

We added all IPs to the whitelist.

we checked the logs when the sheet doesn't open and this is the error message that we found.

 

Got msg: {"jsonrpc":"2.0","method":"OnClosed","params":{"qSessionState":"SESSION_ERROR_SECURITY_HEADER_CHANGED"}} in webs session 273aea4e-a960-41e0-9801-e53862998c60

17:33:24.452 1211069<tel:1211069>[HttpClient@629769605-235] INFO  c.i.u.websocket.SocketHandler - Relaying message {"jsonrpc":"2.0","method":"OnClosed","params":{"qSessionState":"SESSION_ERROR_SECURITY_HEADER_CHANGED"}} for websocket session 5, to /app/a3fffb4d-38b5-43e4-ad53-9723db436098?reloadUri=https%3A%2F%2Fproxy.idenprotect.net<http://2fproxy.idenprotect.net/>%3A9999%2Fsense%2Fapp%2Fa3fffb4d-38b5-43e4-ad53-9723db436098

WebSocket Error: java.nio.channels.ClosedChannelException

 

This error seems to occur when the 2ndwebsocket connection is created.  The two websocket connections are to.

 

wss://proxy.idenprotect.net:9999/app/a3fffb4d-38b5-43e4-ad53-9723db436098?reloadUri=https%3A%2F%2Fproxy.idenprotect.net%3A9999%2Fsense%2Fapp%2Fa3fffb4d-38b5-43e4-ad53-9723db436098

and

wss://proxy.idenprotect.net:9999/dataprepservice/app/a3fffb4d-38b5-43e4-ad53-9723db436098?reloadUri=https%3A%2F%2Fproxy.idenprotect.net%3A9999%2Fsense%2Fapp%2Fa3fffb4d-38b5-43e4-ad53-9723db436098

 

The error “SESSION_ERROR_SECURITY_HEADER_CHANGED” is a googlewhack, a google search that only returns one result.  It seems to be related to connecting directly to the engine vs via a proxy and/or session sharing.

Labels (1)
Labels

  • SaaS

1,704 Views
1 Reply
Damien_V
Support
Support
‎2021-07-28 09:58 AM

Hello @dewan_abdullah 

SESSION_ERROR_SECURITY_HEADER_CHANGED would basically happens if you have checked the option "Extended security environment" in the virtual proxy settings in the QMC and that something external is changing the header during your session.

The X-Qlik-Security header contains various information such as browser type, client IP, etc. If those information are changed by an external device during the user session, then the X-Qlik-Security header will change and this will cause an error.

https://help.qlik.com/en-US/sense-developer/May2021/Subsystems/RepositoryServiceAPI/Content/Sense_Re...

https://community.qlik.com/t5/Knowledge-Base/Qlik-Sense-quot-Extended-security-environment-quot-opti...

 

If the issue is solved please mark the answer with Accept as Solution.
1,465 Views