Apache tomcat 7 on a separate server, with the bonita portal (user/pw in a postgres db) and an angularjs web application. These 2 applications are working on the same tomcat. They both live on the same url:
The UDC is also connected with the postgres db from bonita (where the user/pw is stored) for authorization.
The end-user should login to the web app. The angularjs web app will use the java REST api, from bonita, to login. As soon the user has logged in, I will get a response cookie called, X-Bonita-API-Token with a long value.
I have a Qlik app in the angularjs web app, this is embedded via an iframe, like this: <iframe id="masterlist-iframe" src="<qlik.host.url>/bonitaheader/sense/app/<qlik app id>/sheet/ERXgW/state/analysis/options/clearselections?xrfkey=mSm27KU0yHTExOJd" style="border:none; height: 100%; width: 100%;"></iframe>.
I wanted to do some authentication, with the following authentication method (virtual proxy) "header authentication dynamic user directory". But you need to add some custom headers. I can add custom headers via an ajax call and then update my "src" attribute with the response of my ajax call, but unfortunately I don't get the Qlik app working, because it's looking for resources that I don't have (those resources are on the Qlik server). The ajax call self is working tho, I'm getting the response, but as soon as the browser renders the result it will trow an error that it can't find require(). And on google I don't find good answers that can help me with this.
So I want to try another method, sessions, but I don't control the bonita cookie, the bonita portal is doing that for me and I only see session examples with custom asp code. Is there a good how to, on this in combination with the setup of the above? Do you need to write custom code or can you only configure it?