Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cllu
Contributor
Contributor
‎2023-05-04 06:52 AM

Using a virtual proxy with a Slash ("/) with QPS

Hi, 

We are trying to setup a virtual proxy that will load balance to a rim node only (for use for specific clients). For that we need a prefix that has a slash character ("path1/path2").

 

This works when accessing the URL directly. But we will need to access the QPS for getting a ticket with that virtual proxy with a Slash from the rim node. 

The QPS API doesn't seem to work with a prefix that has a slash though for some reason, with the error message "No matching endpoint found".

https://server:4243/qps/path1/ticket -> works

https://server:4243/qps/path1/path2/ticket  -> doesn't work

 

The virtual proxy that will be used by default would be under the above scheme: 

https://server:4243/qps/path1/

If that matters in any way.

Am i missing something?

Thank you

Labels (2)
Labels
369 Views
0 Likes
1 Solution

Accepted Solutions
SteveAO
Employee
Employee
‎2023-05-08 06:51 PM

Hello Clemens,

I hope all is well. To answer your question, yes. It matters; it's part of the API spec. However, If your goal is to segment your audience to a preferred node for per-customer computing, I would recommend the following: 

1) Abandon the path-based routing in this approach, allowing the Layer 7 balancing to operate in a lightweight and agnostic way to the client context.

2) Because you're using ticketing, you have additional options around session claims that you can leverage, with a matching engine load balancing rule, to send the users' session compute to the appropriate engine node and stream combination for each customer:

 https://help.qlik.com/en-US/sense-developer/February2023/Subsystems/ProxyServiceAPI/Content/Sense_Pr...

https://help.qlik.com/en-US/sense-admin/November2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

Note that in your case, it might make sense to assign something like this, for example, if you provide a group claim attribute list in the ticket backend POST for each user session federated into Qlik: 

Load Balancing Rule
node.@Customer=resource.stream.@Customer


Security Rule (App,Read)
user.group=resource.stream.@Customer

 

 

3) If you're trying to identify the node the user might have begun their session with  (e.g., SP initiated) and better determine where to get the Qlik Proxy Ticket from at your ticket broker level, set the authentication module to redirect uri to your endpoint/listener, per: https://help.qlik.com/en-US/sense-admin/February2023/Subsystems/DeployAdministerQSE/Content/Sense_De.... Qlik will send the internal server name and virtual proxy client-side as query string parameters.

View solution in original post

307 Views
0 Likes
1 Reply
SteveAO
Employee
Employee
‎2023-05-08 06:51 PM

Hello Clemens,

I hope all is well. To answer your question, yes. It matters; it's part of the API spec. However, If your goal is to segment your audience to a preferred node for per-customer computing, I would recommend the following: 

1) Abandon the path-based routing in this approach, allowing the Layer 7 balancing to operate in a lightweight and agnostic way to the client context.

2) Because you're using ticketing, you have additional options around session claims that you can leverage, with a matching engine load balancing rule, to send the users' session compute to the appropriate engine node and stream combination for each customer:

 https://help.qlik.com/en-US/sense-developer/February2023/Subsystems/ProxyServiceAPI/Content/Sense_Pr...

https://help.qlik.com/en-US/sense-admin/November2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

Note that in your case, it might make sense to assign something like this, for example, if you provide a group claim attribute list in the ticket backend POST for each user session federated into Qlik: 

Load Balancing Rule
node.@Customer=resource.stream.@Customer


Security Rule (App,Read)
user.group=resource.stream.@Customer

 

 

3) If you're trying to identify the node the user might have begun their session with  (e.g., SP initiated) and better determine where to get the Qlik Proxy Ticket from at your ticket broker level, set the authentication module to redirect uri to your endpoint/listener, per: https://help.qlik.com/en-US/sense-admin/February2023/Subsystems/DeployAdministerQSE/Content/Sense_De.... Qlik will send the internal server name and virtual proxy client-side as query string parameters.

308 Views
0 Likes