Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Mar 3, 2023 4:04:45 AM
Aug 30, 2017 4:58:51 AM
This article explains how the session API works and the workflow.
Postman is used to perform the API call to add the session in Qlik Sense.
In the browser, developer tools or an extension can be used to set the cookie.
Authentication workflow
1. User authenticate to an external session module (This module must be built by the customer)
2. The module adds the session to the Proxy using the session API
3. The module sets the cookie for the end user
4. The end user is recognized as authenticated and can access the hub and apps.
Virtual Proxy settings:
It does not matter which authentication method is set on the virtual proxy as we are creating directly a session when using this method. However, the following information: Session Cookie header name, Authentication module redirect URI and Session Cookie domain are important to remember when you use the Session API.
Add the session:
You will need to have the QlikClient certificate installed for the user performing this API call. More information is available in following articles:
QRS API using Xrfkey header in Postman
Export client certificate and root certificate to make API calls with Postman
In order to add a session to the virtual proxy, you need to provide the following information:
UserDirectory
UserId
Attributes (optional, these are for example groups to which the user belongs to)
Cookie value (In Qlik Sense by default, a 36 characters string such as aa051074-13a1-4f2a-842b-a64aa4d21001 is used, however this can be any value, but it must be long enough and randomized to ensure there is not 2 session cookies with the same value that are added to the virtual proxy)
Example of API call:
https://qlikserver1.domain.local:4243/qps/{virtual proxy prefix}/session?xrfkey=0123456789abcdef
Headers:
| X-Qlik-xrfkey | 0123456789abcdef |
| Content-Type | application/json |
Body:
{
"UserDirectory": "DOMAIN",
"UserId": "User1",
"Attributes":
[],
"SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"
}
Postman:
PowerShell:
$body = '{
"UserDirectory": "DOMAIN",
"UserId": "User1",
"Attributes":
[],
"SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"
}'
$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","iX83QmNlvu87yyAB")
$url = "https://qlikserver1.domain.local:4243/qps/session?xrfkey=iX83QmNlvu87yyAB"
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -Certificate $cert
Set the cookie:
In Chrome, an extension such as "EditThisCookie" can be used to test that the session API works.
Open the hub and add a cookie with the following information:
Name: X-Qlik-Session-sessionvp
Value: aa051074-13a1-4f2a-842b-a64aa4d21001
Domain: domain.local
Expiration: 0001-01-01 00:00:00
HttpOnly:True
Secure:True
Save the cookie and refresh the page, make sure the address is https://qlikserver1.domain.local/{virtual proxy prefix}/hub/ when you refresh.
Now you should be logged in as the user requested in the previous API call and able to access the hub/your apps.
