Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Showing results for 
Search instead for 
Did you mean: 
alexisjc
Partner - Contributor II
Partner - Contributor II

Session still inactive after claimed ticket

Hi,

I'm developing an integration of Qlik Sense into a CRM. I used the ticket API to build an external authentication module integrated into the CRM, and it's work like a charm ! So, what's the problem ? It works with my old Qlik Sense developement server, not with a more recent server.

Environments :

- Old : Qlik Sense September 2017, 11.14.3
- New : Qlik Sense February 2019, 13.9.1

Both have the same exact virtual proxy configuration.

Some additions, I'm using postman to test this two cases, where I added certificates for both servers.

1) I perform `https://<sense-server>:4243/qps/<prefix>/ticket?Xrfkey=abcdefghijklmnop`
2) Then, I perform `https://<server-sense>/<prefix>/qps/user?qlikTicket=<ticket>`, and from the old server I get a user session with a set-cookie response header. From the new, nothing, just session: inactive.

At first I thought proxy don't consume the ticket, but after give a look at logs, It would seem the problem is session never start.

 

Spoiler

Old :

- Audit.Proxy.Proxy.SessionEstablishment.Authentication.TicketValidator / Issued ticket 'v5zv3mioLJRkUKbx' for user
- Audit.Proxy.Proxy.SessionEstablishment.Authentication.AbstractAuthenticationHandler / User claimed ticket: 'v5zv3mioLJRkUKbx'
- Audit.Proxy.Proxy.SessionEstablishment.Authentication.AbstractAuthenticationHandler / User 'acr' used 'ticket' authentication / got session: 'd43e00e2-d313-4918-a2fe-9ef0d8040888'

New :

- Audit.Proxy.Proxy.SessionEstablishment.Authentication.TicketValidator / Issued ticket '-rxG4c8V9jUyeC3F' for user
- Audit.Proxy.Proxy.SessionEstablishment.Authentication.AuthenticationHandler / User claimed ticket: '-rxG4c8V9jUyeC3F'

 

In 2019 the `got session` moment doesn't happen, I don't know if it's normal or not.

Same into AuditActivity_Proxy logs.

 

Spoiler

Old :

- Create ticket: PostTicket
- Get ticket: ConsumeIncomingTicket
- Start session

New :

- Create ticket: PostTicket
- Get ticket: ConsumeIncomingTicket
- Get session: HandleRequest
and, (idk if it's same process)
- Get session: HandleRequest (again)
- Start session (Start session for user: 'NONE\anonymousf8b0f898-abac-49f3-b3a8-fa772defea95')

 

 

If someone can help me to understand what's happening I would be happy, thanks !

Labels (2)
1 Solution

Accepted Solutions
StevenJDH
Employee
Employee

@adambentley  Just to follow up, R&D have finally fixed the issue. The inclusion of this fix is targetted for the upcoming September 2019 release. For now, there are no backport/patch plans for previous releases, but this matter isn't clear from what I understood.

View solution in original post

9 Replies
StevenJDH
Employee
Employee

The issue you are describing appears to be the same issue I reported to R&D under the bug ticket ID QLIK-95638, and possibly for you even, but I will post it here just so that others are aware and can benefit. Currently, R&D is still looking into the issue, so I do not have any status information or fix dates to report as of yet.

adambentley
Contributor
Contributor

FWIW, this also happened to us after updating to April 2019, 13.21.1 -- so the bug is still out there. Currently our workaround is requesting another static file from qlik with the Ticket attached like any one of the following:

{qlikHost}/{proxy}/resources/assets/external/requirejs/require.js?qlikTicket={qlikTicket}
{qlikHost}/{proxy}/resources/autogenerated/qlik-styles.css?qlikTicket={qlikTicket}

We have done this before, though have found the user API to feel more comfortable.
adambentley
Contributor
Contributor

StevenJDH, is this bug ticket public so we can view the status somewhere? Any updates?
alexisjc
Partner - Contributor II
Partner - Contributor II
Author

Hi ! My workaround is to use another endpoint, the same that used by Qlik Sense : {qlikHost}/{proxy}/hub/?qlikTicket=.
it's forcing me to perform two differents requests to get qlik session and session status but it works.

i've another problem, more contraignant, I can't know if userId/userDirectory I fill exist. Before, Personal API return an userName parameter only if user exist. With the latest version, he return this parameter always, whatever userId/userDirectory I submit. For example :

{
"userDirectory": "MyUserDirectory",
"userId": "zefzefzef", <- Do not exist !
"userName": "zefzefzef", <- Do not exist !
"logoutUri": "https://<senseserver>/<proxy>/qps/user"
}

 

StevenJDH
Employee
Employee

@adambentley No, there isn't a public view for the bug ticket as it is only available internally. However, I have somewhat of an update. R&D is still working on the issue as of today, and the issue is confirmed in versions November 2018, February 2019, April 2019, and June 2019 for the moment. It does seem they have found the root cause, so I can only assume they are determining the best approach to take to resolve it without any unintentional side effects. I will do my best to keep everyone updated.

StevenJDH
Employee
Employee

@alexisjc, What version were you previously using that had this behavior for users that didn't exist, and what version are you using now? I've replicated this behavior change in the April 2019 release. It looks to be working as intended. It could be that the previous behavior was just simply the old behavior or a bug. I say this because normally, when you log into Qlik Sense for the first time, that user you used gets automatically added to the list of Qlik Sense users. With this in mind, one can expect the same behavior when requesting a ticket for a new, non-existent user as well. If you check your user list, you will now see that you have a new user called zefzefzef with a user directory of zefzefzef. In other words, you get back a value when requesting a ticket because the user was created, and as a result, does exist. Understandably, not everyone will like this behavior, but now it is more consistent. There are other APIs the can be used to check if a user exists, for example, /qrs/user or even specifying the GUID of the user.

alexisjc
Partner - Contributor II
Partner - Contributor II
Author

@StevenJDH, same version mentionned into my original post ! Thanks for explanation, I think now it wasn't normal behavior.  I didn't know about qrs endpoint, I will give a try.

I keep waiting for Personal API fix. Good Luck !

AdamSawyer
Digital Support
Digital Support

@adambentley  Per the case you created, I have created a KB article to track the progress of the known issue.  https://support.qlik.com/articles/000077004

StevenJDH
Employee
Employee

@adambentley  Just to follow up, R&D have finally fixed the issue. The inclusion of this fix is targetted for the upcoming September 2019 release. For now, there are no backport/patch plans for previous releases, but this matter isn't clear from what I understood.