Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Announcements
Join us in Toronto Sept 9th for Qlik's AI Reality Tour! Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 
PhilippeG
Contributor II
Contributor II

how to connect to qsense web engine November 2024 ?

hi everybody,

the java code below works fine with qlik sense version February 2024


    URI serverUri = new URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456");
 
    WebSocketClient wsAppClient = new WebSocketClient(serverUri);
        
        wsAppClient.addHeader("Xrfkey", "ABCDEFGH123456");
        wsAppClient.addHeader("usr-api", "BB\\USERQLIKADM");
        wsAppClient.addHeader("Cookie", "");
 
        
        // Connexion au serveur WebSocket
        wsAppClient.connect();


with November 2024 I got error http 403 😞

any idea ?

thanks in advance

Philippe

Labels (2)
1 Solution

Accepted Solutions
alex_colombo
Employee
Employee

I've made some tests and with Ticket auth is working with steps made so far.

Using header auth, an extra step is required. When you call csrf API you will receive qlik csrf token param and a set Cookie in response headers. Grab that cookie value and attach to websocket headers. It should work. 

Below an example of set cookie response header from csrf API and websocket connection:

 

View solution in original post

5 Replies
alex_colombo
Employee
Employee

Hey @PhilippeG , in Nov 2024 we introduced few changes at security levels. On of them is the CSRF token. This has to be added to websocket connection as url param.

When you are authenticated, you have to call a QPS APIs for getting the crsf token value, here the API doc.

Then, attach csrf token to websocket url like this:  URI serverUri = new URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=_yourToken_");

 

Our docs is not up to date, I've raised this internally.

PhilippeG
Contributor II
Contributor II
Author

Hi @alex_colombo and thanks for your response !

However I still have the 403 error when opening websocket despite adding qlik-csrf-token :

I got qlik-csrf-token with this url :
https://serverqsense.domaine.fr/vproxyname/qps/csrftoken
and headers :
wsAppClient.addHeader("Xrfkey", "ABCDEFGH123456");
wsAppClient.addHeader("usr-api", "BB\\USERQLIKADM");


I got qlik-csrf-token and a value (j7kh4Y8fmPooKs7QDdfk8A) in response header : so far so good ?

then I call  wsAppClient.connect() with URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=j7kh4Y8fmPooKs7QDdfk8A")
always got Status Code: 403 Forbidden

I notice something weird:
if I put a wrong value for domain/user for the "usr-api" key I still get a token.


Do you have another way to get past this 403 error?

alex_colombo
Employee
Employee

Forgot to mention that you need to apply a modification into Virtual Proxy configuration. Go in VP configuration, click on Advanced, then Additional response headers.

You have to add below headers:

Access-Control-Allow-Credentials: true

Access-Control-Expose-Headers: qlik-csrf-token

 

 

PhilippeG
Contributor II
Contributor II
Author

I added this parameters in my QMC :

Access-Control-Allow-Credentials: true

Access-Control-Expose-Headers: qlik-csrf-token

in virtual proxy conf , but always 403 !!

I put some pic to illustrate my parameters...

Thanks to help me !

alex_colombo
Employee
Employee

I've made some tests and with Ticket auth is working with steps made so far.

Using header auth, an extra step is required. When you call csrf API you will receive qlik csrf token param and a set Cookie in response headers. Grab that cookie value and attach to websocket headers. It should work. 

Below an example of set cookie response header from csrf API and websocket connection: