Has anyone tried setting up the newer AWS application load balancer with QlikSense? This new load balancer now supports websockets, but i've been running into some issues trying to get it to function properly. Currently i'm trying to just get it to work simply through the default NTLM authentication method.
This all works fine if I disable NTLM and just allow anonymous. When it's enabled, right now it get a Qlik 404 error when it tries to send the 4244 NTLM authentication request to the Qlik server. It doesn't seem to be able to send the request to the appropriate target node even though I only have 1 node in the target group and the default rule sending everything to it.
Were you able to resolve this? We are trying to setup Amazon Application Load Balancer with Qlik Sense and eventually through its content delivery network service CloudFront.
My AWS architect is stuck at the moment and couldn't make it work.
No, I've never gotten this to work using the default NTLM authentication because of the port jump. What I've heard will work is if you use an alternate authentication that doesn't do the port jump like SAML or header authentication, it will work. I haven't tried this myself yet.
ALB won't work with Windows authentication as only 443 port is authorized. Using SAML works fine. Don't forget to increase the webscocket timeout (default is 60 seconds) and configure the sticky session in the target group.
Couldn't you configure an additional listener in ALB to listen over HTTP(s) over port 4244 or 4243. Then the windows authentication request from Qlik's port jump would be sent over to the target proxy node. But I think the same problem still exists if you have more than 1 proxy node behind the ALB. The jump to port 4244 or 4243 to get to Qlik's NTLM authentication service can still land on the "other" proxy node and not the originating request, causing the login to fail.