I'm developing an integration of Qlik Sense into a CRM. I used the ticket API to build an external authentication module integrated into the CRM, and it's work like a charm ! So, what's the problem ? It works with my old Qlik Sense developement server, not with a more recent server.
Environments :
- Old : Qlik Sense September 2017, 11.14.3 - New : Qlik Sense February 2019, 13.9.1
Both have the same exact virtual proxy configuration.
Some additions, I'm using postman to test this two cases, where I added certificates for both servers.
1) I perform `https://<sense-server>:4243/qps/<prefix>/ticket?Xrfkey=abcdefghijklmnop` 2) Then, I perform `https://<server-sense>/<prefix>/qps/user?qlikTicket=<ticket>`, and from the old server I get a user session with a set-cookie response header. From the new, nothing, just session: inactive.
At first I thought proxy don't consume the ticket, but after give a look at logs, It would seem the problem is session never start.
- Audit.Proxy.Proxy.SessionEstablishment.Authentication.TicketValidator / Issued ticket 'v5zv3mioLJRkUKbx' for user - Audit.Proxy.Proxy.SessionEstablishment.Authentication.AbstractAuthenticationHandler / User claimed ticket: 'v5zv3mioLJRkUKbx' - Audit.Proxy.Proxy.SessionEstablishment.Authentication.AbstractAuthenticationHandler / User 'acr' used 'ticket' authentication / got session: 'd43e00e2-d313-4918-a2fe-9ef0d8040888'
New :
- Audit.Proxy.Proxy.SessionEstablishment.Authentication.TicketValidator / Issued ticket '-rxG4c8V9jUyeC3F' for user - Audit.Proxy.Proxy.SessionEstablishment.Authentication.AuthenticationHandler / User claimed ticket: '-rxG4c8V9jUyeC3F'
In 2019 the `got session` moment doesn't happen, I don't know if it's normal or not.
@adambentley Just to follow up, R&D have finally fixed the issue. The inclusion of this fix is targetted for the upcoming September 2019 release. For now, there are no backport/patch plans for previous releases, but this matter isn't clear from what I understood.
The issue you are describing appears to be the same issue I reported to R&D under the bug ticket ID QLIK-95638, and possibly for you even, but I will post it here just so that others are aware and can benefit. Currently, R&D is still looking into the issue, so I do not have any status information or fix dates to report as of yet.
FWIW, this also happened to us after updating to April 2019, 13.21.1 -- so the bug is still out there. Currently our workaround is requesting another static file from qlik with the Ticket attached like any one of the following:
Hi ! My workaround is to use another endpoint, the same that used by Qlik Sense : {qlikHost}/{proxy}/hub/?qlikTicket=. it's forcing me to perform two differents requests to get qlik session and session status but it works.
i've another problem, more contraignant, I can't know if userId/userDirectory I fill exist. Before, Personal API return an userName parameter only if user exist. With the latest version, he return this parameter always, whatever userId/userDirectory I submit. For example :
{
"userDirectory": "MyUserDirectory",
"userId": "zefzefzef", <- Do not exist !
"userName": "zefzefzef", <- Do not exist !
"logoutUri": "https://<senseserver>/<proxy>/qps/user"
}
@adambentley No, there isn't a public view for the bug ticket as it is only available internally. However, I have somewhat of an update. R&D is still working on the issue as of today, and the issue is confirmed in versions November 2018, February 2019, April 2019, and June 2019 for the moment. It does seem they have found the root cause, so I can only assume they are determining the best approach to take to resolve it without any unintentional side effects. I will do my best to keep everyone updated.
@alexisjc, What version were you previously using that had this behavior for users that didn't exist, and what version are you using now? I've replicated this behavior change in the April 2019 release. It looks to be working as intended. It could be that the previous behavior was just simply the old behavior or a bug. I say this because normally, when you log into Qlik Sense for the first time, that user you used gets automatically added to the list of Qlik Sense users. With this in mind, one can expect the same behavior when requesting a ticket for a new, non-existent user as well. If you check your user list, you will now see that you have a new user called zefzefzef with a user directory of zefzefzef. In other words, you get back a value when requesting a ticket because the user was created, and as a result, does exist. Understandably, not everyone will like this behavior, but now it is more consistent. There are other APIs the can be used to check if a user exists, for example, /qrs/user or even specifying the GUID of the user.
@StevenJDH, same version mentionned into my original post ! Thanks for explanation, I think now it wasn't normal behavior. I didn't know about qrs endpoint, I will give a try.
@adambentley Just to follow up, R&D have finally fixed the issue. The inclusion of this fix is targetted for the upcoming September 2019 release. For now, there are no backport/patch plans for previous releases, but this matter isn't clear from what I understood.
