Solved: how to connect to qsense web engine November 2024 ... - Qlik Community

PhilippeG · ‎2025-02-24

hi everybody,

the java code below works fine with qlik sense version February 2024

URI serverUri = new URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456");

WebSocketClient wsAppClient = new WebSocketClient(serverUri);

wsAppClient.addHeader("Xrfkey", "ABCDEFGH123456");

wsAppClient.addHeader("usr-api", "BB\\USERQLIKADM");

wsAppClient.addHeader("Cookie", "");

// Connexion au serveur WebSocket

wsAppClient.connect();

with November 2024 I got error http 403 😞

any idea ?

thanks in advance

Philippe

alex_colombo · ‎2025-02-25

I've made some tests and with Ticket auth is working with steps made so far.

Using header auth, an extra step is required. When you call csrf API you will receive qlik csrf token param and a set Cookie in response headers. Grab that cookie value and attach to websocket headers. It should work.

Below an example of set cookie response header from csrf API and websocket connection:

View solution in original post

alex_colombo · ‎2025-02-25

Hey @PhilippeG , in Nov 2024 we introduced few changes at security levels. On of them is the CSRF token. This has to be added to websocket connection as url param.

When you are authenticated, you have to call a QPS APIs for getting the crsf token value, here the API doc.

Then, attach csrf token to websocket url like this: URI serverUri = new URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=_yourToken_");

Our docs is not up to date, I've raised this internally.

PhilippeG · ‎2025-02-25

Hi @alex_colombo and thanks for your response !

However I still have the 403 error when opening websocket despite adding qlik-csrf-token :

I got qlik-csrf-token with this url :
https://serverqsense.domaine.fr/vproxyname/qps/csrftoken
and headers :
wsAppClient.addHeader("Xrfkey", "ABCDEFGH123456");
wsAppClient.addHeader("usr-api", "BB\\USERQLIKADM");

I got qlik-csrf-token and a value (j7kh4Y8fmPooKs7QDdfk8A) in response header : so far so good ?

then I call wsAppClient.connect() with URI("wss://serverqsense.domaine.fr/vproxyname/app/" + idApp + "?Xrfkey=ABCDEFGH123456&qlik-csrf-token=j7kh4Y8fmPooKs7QDdfk8A")
always got Status Code: 403 Forbidden

I notice something weird:
if I put a wrong value for domain/user for the "usr-api" key I still get a token.

Do you have another way to get past this 403 error?

alex_colombo · ‎2025-02-25

Forgot to mention that you need to apply a modification into Virtual Proxy configuration. Go in VP configuration, click on Advanced, then Additional response headers.

You have to add below headers:

Access-Control-Allow-Credentials: true

Access-Control-Expose-Headers: qlik-csrf-token

PhilippeG · ‎2025-02-25

I added this parameters in my QMC :

Access-Control-Allow-Credentials: true

Access-Control-Expose-Headers: qlik-csrf-token

in virtual proxy conf , but always 403 !!

I put some pic to illustrate my parameters...

Thanks to help me !

alex_colombo · ‎2025-02-25

I've made some tests and with Ticket auth is working with steps made so far.

Using header auth, an extra step is required. When you call csrf API you will receive qlik csrf token param and a set Cookie in response headers. Grab that cookie value and attach to websocket headers. It should work.

Below an example of set cookie response header from csrf API and websocket connection:

how to connect to qsense web engine November 2024 ?

API

Qlik Sense