Skip to main content
Announcements
Accelerate Your Success: Fuel your data and AI journey with the right services, delivered by our experts. Learn More
cancel
Showing results for 
Search instead for 
Did you mean: 
schiang79
Contributor
Contributor

AWS Application Load Balancer with QlikSense

Has anyone tried setting up the newer AWS application load balancer with QlikSense?  This new load balancer now supports websockets, but i've been running into some issues trying to get it to function properly.  Currently i'm trying to just get it to work simply through the default NTLM authentication method.

This all works fine if I disable NTLM and just allow anonymous.  When it's enabled, right now it get a Qlik 404 error when it tries to send the 4244 NTLM authentication request to the Qlik server.  It doesn't seem to be able to send the request to the appropriate target node even though I only have 1 node in the target group and the default rule sending everything to it.

6 Replies
eclutario
Contributor II
Contributor II

Hi,

Were you able to resolve this? We are trying to setup Amazon Application Load Balancer with Qlik Sense and eventually through its content delivery network service CloudFront.

My AWS architect is stuck at the moment and couldn't make it work.

Cheers

Not applicable

Hi - yes was anyone able to resolve this as I've been trying with an ALB to no avail as well. Would be great to get this working!

schiang79
Contributor
Contributor
Author

‌No, I've never gotten this to work using the default NTLM authentication because of the port jump.  What I've heard will work is if you use an alternate authentication that doesn't do the port jump like SAML or header authentication, it will work.  I haven't tried this myself yet.

Laurent_Cornilleau

Hi,

ALB won't work with Windows authentication as only 443 port is authorized. Using SAML works fine. Don't forget to increase the webscocket timeout (default is 60 seconds) and configure the sticky session in the target group.

schiang79
Contributor
Contributor
Author

Couldn't you configure an additional listener in ALB to listen over HTTP(s) over port 4244 or 4243.  Then the windows authentication request from Qlik's port jump would be sent over to the target proxy node.  But I think the same problem still exists if you have more than 1 proxy node behind the ALB.  The jump to port 4244 or 4243 to get to Qlik's NTLM authentication service can still land on the "other" proxy node and not the originating request, causing the login to fail.

Anonymous
Not applicable

Hi Steve Chiang‌ : Find Attachment @