Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Authentication using session module.

I have some problems setting up qlik sense server installation to use the session module for authentication.

I want to be able to authenticate my users externaly, use the session api to create a session in the qps and then authenticate using the received token (as described here)

https://help.qlik.com/sense/en-us/online/Subsystems/ServerDeploymentConfiguration/Content/Server/Ser...

By using the example posted here (flautrup/SessionAPITestModule · GitHub) I've managed to create the session tokens that I need. But I don't understand how to configure qlik to use the tokens as authentication. After I set the cookie X-Qlik-Session to the token received I still get redirected to host:4244/windows_authentication/?targetID=a0aa.... i.e. windows authentication.

How can I configure Qlik to use the session cookie as authentication instead.

/Viktor

6 Replies
tanvi_madan1
Partner - Contributor III
Partner - Contributor III

hi,

can please explain how are you able to get the session tokens with the help of sessionAPITestModule?? I am using the same code module but if i provide a url on selectuser.htm it gets redirected to that url without establishing the session. and if am not providing the url its give me error.

Just wanted to know how are you able to get the session token ??

Regards,

Tanvi

Not applicable
Author

Hello Viktor,

Did you solve your problem using the API Session Module approach?

I tried playing with the SessionAPITestModule too, but ran into issues with "Error: socket hang up" in node.js.  I was able to read the node.js code and see the cookie get set for my localhost domain though.  So, my understanding is that the Qlik session wasn't created in their SessionModule.  This git demo may be broken?

You said your issue was that you didn't know how to configure Qlik to use the API Session tokens (via cookies) as authentication.  What was your solution?

Not applicable
Author

Hi. Did you ever resolve this? We are in the process of deploying Qlik and we want to use the Session Module.

While we did find the Session API information, we have a few questions about it:

- We cannot find in the QMC where to enable or configure the Session Module. We don't know the [session_module_root]

- What does ""UserDirectory" mean for the request?

- When a user logs out, are you supposed to Delete the session?

I would appreciate any help on any of these questions.

Thanks,

Facundo

vegard_bakke
Partner - Creator III
Partner - Creator III

This is long overdue, but the Session Module is seriously mal-documented from Qlik. And the modules on GitHub are so fractured, it like putting together a jigsaw puzzle of a whiteout during an arctic blizzard.

For anyone else that happens to be in this Qlik deserted spot, here are some of the latest clues I've managed to figure out.

  • Using Session Module, the client browser and the 3rd part Session Module MUST be on the same URL domain.
    (You should be able to have them on different machines, behind a reverse proxy, but the browser must think it is on the same URL host, otherwise it simply won't pass on the session cookie. Obvious, maybe. But not well emphasised in the docs.)

  • Configure the virtual proxy to use Session Module (your question, Facundo) go to the QMC
    In the Creating a virtual proxy ‒ Qlik Sense, under Integration, and insert a URL in Session module base URI (referred to as [session_module_root] in Get session ‒ Qlik Sense)

  • CRUCIAL POINT (I think): The Session Module is not provided by Qlik! You have to provided implement in your 3rd party Session Module. As documented in the Qlik Sense' Session API (not to be confused with your Session Module API‌. But very similar, aren't they.  : )

  • Unknown area I: I've just received slightly modified version of SessionAPITestModule which implements the GET method, only.
    app.get('/session/*', function (req, res) {
    And it does this by calling the POST method to the Qlik Sense Session API (basically the createSession() function in the SessionAPITestModule), and return this back to the original sender. (Which is Qlik Sense.)


    The sample I received does not implement the POST and the DELETE method for the [session_module_root]. However, I do receive DELETE requests from the Qlik Sense engine when I a Qlik session expires.

  • Unknown area II: GET and POST. After receiving an initial GET /session/<sessionID> from Qlik Sense, I get three new requests with POST /session and no body.
    I get no indication of the actual user, so I'm a bit unsure of what to do, and respond.
    Updated 2017-07-21: I forgot a 'app.use(bodyParser.json());' in the top of my code. Now, I receive session object for NONE\anonumousXXXXX before the client is given the font files and extensions/schema.


  • Unknown area III: The ticket URI. My feedback from Qlik Support, leaves the QMC - Virtual proxy - Authentication - Authentication module redirect URI blank.

    However, occasionally, my browser is redirected to the default Windows authentication URL. Or if I fill in the "Ticket redirect URL" (above), I get redirected to my ticket URL.  Not sure why.

As for the UserDirectory, you may freely choose this, (e.g. 'SSO') to distinguish users logged in via this virtual proxy, from users logged in via other means. (I.e 'SSO\john', may not be the same user as 'MYDOMAIN\john'.)

Under QMC - Licenses and tokens - User access rules, you may create a new rule to allow SS users access to given documents.

(E.g. user.userDirectory="SSO")

If anyone has any more information, corrections, etc about the session module mystery in Qlik Sense, please update this thread, and we might be able to get this troll out in the open, so that it bursts....

Cheers,

Vegard Bakke

mbj
Employee
Employee

@jeffrey Goldberg created a nice video about this topic.

https://youtu.be/oCUjKCFVAzU

And if you want to learn more about security and authentication in Qlik Sense I would recommend http://integration.qlik.com/slides select the security topic

rodolfoviolac
Contributor III
Contributor III

I've been developing a lib to connect to qliksense and authenticate user as simple as possible. You can checkout the repo https://github.com/qmoni/qliksense-api. Hope you can use it, thanks!