Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Sep 14, 2022 6:38:56 AM
Sep 27, 2017 7:49:52 AM
If Kerberos Authentication is used in Qlik Sense then the following error can be observed:
Error: QVX_UNEXPECTED_END_OF_DATA: HTTP protocol error 401 (Unauthorized).
Kerberos Authentication is not supported with REST Connector. The only workaround is not to use Kerberos Authentication.
In addition, the License and Operation Monitoring Apps will not reload anymore if using Kerberos. When trying to Reload them, the following error is observed:
Error: QVX_UNEXPECTED_END_OF_DATA: HTTP protocol error 401 (Unauthorized):
'Negotiate' authentication schema provided by the web-service is not supported or your credentials are not valid.
The reload of monitoring apps fails if Kerberos Authentication is enabled. The Kerberos authentication is not currently supported by the REST connector.
You have two options on how to address this. Either you swap to JWT Authentication for the Monitoring Apps or disable Kerberos entirely.
To swap to JWT Authentication, see Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication.
To disable Kerberos instead:
Hi,
I have tried implementing this solution and able to run the hub modifying hub URL as : https://localhost/jwt/hub/my/work , but when trying to modify Data Connections for monitoring apps its using jwt , reload task fails due to failed Server connection error.
Hello @jaishree_Qlik
Did you follow the instructions in Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication? If all the instructions were followed as documented, I would recommend posting about this issue in our forums to make use of our active community and support agents monitoring it. The correct forum would be Connectivity & Data Prep.
Hello.
This is currently under investigation by R&D for future enhancement.
Any news about this?
Thank you advance
Hello @alexey_kozlov
I've reviewed our internal doc for this and we have no short terms plan for introducing Kerberos support for the REST connector. I would recommend to vote for this idea: Kerberos authentication fully working (so also with rest/monitoring connections).
I've updated this article.
All the best,
Sonja
Hi @Sonja_Bauernfeind ,
Is it possible to set up a Virtual Proxy that does not use Kerberos using a linked Proxy that is configured to use Kerberos?
I am asking because we are running into a situation at a customer site using Kerberos. The customer has a very constrained and controlled vSphere environment where they don't want to create new VMs, but they also want to monitor the usage of their QSEoW platform using the monitoring applications.
I am trying to avoid creating a new Proxy node VM. So, I need to find out if one could use their existing Proxy, configured to use Kerberos, with an additional Virtual Proxy configured to use just JWT authentication (for the monitoring apps).
Please advise.
Cheers,
+José
Hello @diagonjope
If you use the workaround described here: Qlik Sense: Modify REST connections for Monitoring Apps to use JWT authentication you will not need a new Proxy, only a new Virtual Proxy.
Hope this helps!
If you need assistance setting this up, I'd recommend posting directly in our forums about it so that you can make use of our active community.
All the best,
Sonja
Thank you @Sonja_Bauernfeind for your response.
The reason I asked is because, in the case described above in this page, it seems to require disabling Kerberos authentication at the existing Proxy level. So, I wanted to make sure that the workaround proposed, using JWT authentication in a new Virtual Proxy, will work when using a linked Proxy that still has enabled Kerberos authentication.
Furthermore, if we follow the instructions above and disable Kerberos at the Proxy level, will the existing Virtual Proxy configured for Kerberos continue to work as usual?
In any case, we'll give it a shot and see what happens.
Cheers,
++José
Hmmm, that is a very good point. Let me verify this for you, @diagonjope. I was under the impression it is either or.
Hello @diagonjope
You don't need to disable Kerberos if you use the JWT authentication.
All the best,
Sonja
Hi @Sonja_Bauernfeind !
Just a brief note to let you know that we have a new virtual proxy with JWT enabled working with the instructions provided above (with the exception of disabling Kerberos in the Proxy) and it works fine: the Monitoring Apps are reloading without any problems.
In view of this, I suggest that the requirement to disable Kerberos that appears in the article should be revised/ eliminated, since it may throw off other people as well.
Cheers,
++José