Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
catalin
Partner - Contributor III
Partner - Contributor III
‎2019-09-15 06:44 AM

Request a ticket for another user with the certificate of the root admin

Hello, dear Qlikers!

Suppose the following scenario: I am a QlikSense user, root admin, and I have a certificate exported through QMC. Now, I am using this certificate and my user to request a ticket in the name of another user by using the well know body in the request.

Request:

 

POST https://myqliksenseserver:4243/qps/myproxyprefix/ticket?xrfkey=blablabla12424

 

Body:

 

{
  "UserDirectory": "myqlikdomainname",
  "UserId": "anotheruser",
  "Attributes": [
    {
      "group": "value1a"
    }]
}

 

 

My questions are:

1. Is this possible to request a ticket for a user using another user's certificate?

2. What would be my settings in the Virtual Proxy configuration, regarding Redirect URI or another important setting?

3. If all works and I get the ticket, I can append that ticket at the end of a single configurator link for an object and the user in which name I request the ticket can consume it in 60 seconds? Will the constraints on the user's privileges, to see certain data, will apply? For example, will he see a blank visual if he doenst have privileges for the data behind the object?

I do mention that the request will be made from a C# app.

Thank you very much for any hints! Would help a lot!

Dearly,

Catalin

Labels (5)
420 Views
0 Likes
1 Reply
Mauritz_SA
Partner - Specialist
Partner - Specialist
‎2019-09-16 08:09 AM

Hi there

I am no expert in this, but I can give you some pointers (and the real experts can point out if/where I am wrong).

1. The certificate is for the server, not a user. So I don't think there is something like a user's certificate - only one for the server. I guess you can personalise it by having a passphrase.

2. Not sure.

3. If you append the ticket to the URL then you have in essence authenticated that user (anotheruser in your case). When someone (it doesn't have to be you) uses that ticket they will be treated as if they are anotheruser. If there are security rules set up in the QMC that limits what the user anotheruser should see then those will be applied, but that is normally used for stream, app, sheet and sheet object access.

If you have implemented Section Access then the data that anotheruser will see will be reduced. This article is very nice for reading up on Section Access.

Hope this gets you going.

Mauritz

378 Views