With November 2024 I got error HTTP 403 😞
Any idea?
Thanks in advance
Philippe
Hey @PhilippeG, in Nov 2024 we introduced a few changes at the security level. One of them is the CSRF token. This has to be added to the websocket connection as a URL param.
When you are authenticated, you have to call the QPS API to get the CSRF token value; here is the API doc.
Then, attach csrf token to websocket url like this: URI serverUri = new URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=_yourToken_");
Our docs are not up to date; I've raised this internally.
Hi @alex_colombo and thanks for your response!
However, I still have the 403 error when opening the websocket despite adding qlik-csrf-token:
I got qlik-csrf-token with this URL:
https://serverqsense.domaine.fr/vproxyname/qps/csrftoken
and headers:
wsAppClient.addHeader("Xrfkey", "ABCDEFGH123456");
wsAppClient.addHeader("usr-api", "BB\\USERQLIKADM");
I got qlik-csrf-token and a value (j7kh4Y8fmPooKs7QDdfk8A) in the response header: so far so good?
Then I call wsAppClient.connect() with URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=j7kh4Y8fmPooKs7QDdfk8A")
I always get Status Code: 403 Forbidden
I notice something weird:
If I put a wrong value for domain/user for the "usr-api" key I still get a token.
Do you have another way to get past this 403 error?
Forgot to mention that you need to apply a modification to the Virtual Proxy configuration. Go to the VP configuration, click on Advanced, then Additional response headers.
You have to add the headers below:
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: qlik-csrf-token
I added these parameters in my QMC:
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: qlik-csrf-token
in the virtual proxy conf, but always 403!!
I put some pics to illustrate my parameters...
Thanks for helping me!
I've made some tests, and Ticket auth is working with the steps made so far.
Using header auth, an extra step is required. When you call the csrf API you will receive the qlik csrf token param and a Set-Cookie in the response headers. Grab that cookie value and attach it to the websocket headers. It should work.
Below is an example of the Set-Cookie response header from the csrf API and the websocket connection:
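The whole header-auth flow from this thread in one place, as an added example that is not part of the original posts and is not Qlik's code. It uses the JDK's `java.net.http` client instead of the `wsAppClient` object seen above; the class and helper names are hypothetical, and the host, virtual proxy, `Xrfkey` value and `usr-api` header name are the ones quoted in the thread.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.stream.Collectors;

public class QlikCsrfWebSocket {
    // Values quoted in the thread; replace with your own host, virtual proxy and key.
    static final String BASE = "serverqsense.domaine.fr/vproxyname";
    static final String XRFKEY = "ABCDEFGH123456";

    // Keep only the "name=value" part of each Set-Cookie line and join them into one Cookie header.
    static String cookieHeader(List<String> setCookies) {
        return setCookies.stream()
                .map(c -> c.split(";", 2)[0].trim())
                .filter(c -> c.contains("="))
                .collect(Collectors.joining("; "));
    }

    // Websocket URI with Xrfkey and the CSRF token as URL parameters.
    static URI wsUri(String idApp, String csrfToken) {
        return URI.create("wss://" + BASE + "/app/" + idApp + "?Xrfkey=" + XRFKEY
                + "&qlik-csrf-token=" + URLEncoder.encode(csrfToken, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String idApp = args[0];   // app id
        String user = args[1];    // header-auth user, e.g. BB\USERQLIKADM
        HttpClient http = HttpClient.newHttpClient();
        // Step 1: call the csrftoken endpoint; the response carries the token and a session cookie.
        HttpRequest req = HttpRequest.newBuilder(URI.create("https://" + BASE + "/qps/csrftoken"))
                .header("Xrfkey", XRFKEY).header("usr-api", user)
                .GET().build();
        HttpResponse<Void> resp = http.send(req, HttpResponse.BodyHandlers.discarding());
        String token = resp.headers().firstValue("qlik-csrf-token")
                .orElseThrow(() -> new IllegalStateException("no token, HTTP " + resp.statusCode()));
        String cookies = cookieHeader(resp.headers().allValues("set-cookie"));
        // Step 2: open the websocket with the token in the URL and the same cookie in the headers.
        WebSocket ws = http.newWebSocketBuilder()
                .header("Xrfkey", XRFKEY)
                .header("usr-api", user)
                .header("Cookie", cookies)
                .buildAsync(wsUri(idApp, token), new WebSocket.Listener() {})
                .join();
        System.out.println("websocket open");
        ws.sendClose(WebSocket.NORMAL_CLOSURE, "done").join();
    }
}
```

Because the token travels in the websocket URL, it can end up in proxy and access logs, so those logs deserve the same handling as session identifiers.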