Skip to main content

QS Header Authentication: Error when using “X-Qlik-User-hdr" as "header authentication header name". It was working in previous Qlik Sense versions

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Joseph_Musekura
Support
Support

QS Header Authentication: Error when using “X-Qlik-User-hdr" as "header authentication header name". It was working in previous Qlik Sense versions

Last Update:

Apr 2, 2024 12:18:19 PM

Updated By:

Joseph_Musekura

Created date:

Apr 2, 2024 12:18:19 PM

When using "Header authentication" method, after upgrading to latest Qlik Sense Enterprise versions or latest patch, you may encouter error like "400 bad request Invalid header in the request".

bad_request.png

From the image above, notice that the request header is “X-Qlik-User-hdr = Domain\administrator" (in this example). Meaning that, in Qlik Sense virtual proxy settings, the "header authentication header name” was set to “X-Qlik-User-hdr".

Header_name_QLik_X.png

Resolution

This is working as designed  (WAD).

R&D confirmed that, there was a security fix made back in August-September 2023, which disallow header authentication using header names that include "X-Qlik-User" in "header authentication header name".

Thus, if the "Header Authentication" setting was working before the upgrade and then the error "400 bad request Invalid header in the request" occurs after upgrading to latest version of Qlik Sense Enterprise or after installing a patch, please ensure that in the related virtual proxy, "header authentication header name” is not set to something like "X-Qlik-User-*" (Check for example QS Feb 2024 header name restrictions).


Header_name.png

Information provided on this defect is given as is at the time of documenting. For up to date information, please review the most recent Release Notes, or contact support with the ID QB-25945 or QB-21731 for reference.

Cause

Product Defect ID: QB-25945, QB-21731 and HLP-15641

 

Environment

  • Qlik Sense Entreprise on Windows
Labels (2)
Contributors
Version history
Last update:
2 weeks ago
Updated by: