Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Feb 23, 2021 4:05:33 AM
Nov 23, 2020 7:04:08 AM
This describes how to modify REST connections for Monitoring Apps to use JWT authentication.
This is useful when Windows authentication cannot be used, for example, if Kerberos is enabled on the proxy service, Windows authentication will fail as the REST connector does not support Kerberos.
Environments:
Step 1: First of all, a virtual proxy with JWT authentication needs to be set up.
Please refer to below article for the setup:
Qlik Sense: How to set up JWT authentication
Step 2: Then a JWT token needs to be generated, it can be generated with custom code, or by using directly the debugger on jwt.io.
This is as well described in the above article.
The JWT token needs to be issued to a user that is a RootAdmin in Qlik Sense.
Warning: JWTs are credentials, which can grant access to resources. Be careful that your security rules are correctly set so that other users do not have "Update" rights on the monitoring apps REST connection where you have pasted your JWT token.
Example of JWT token:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJBZG1pbmlzdHJhdG9yIiwidXNlckRpcmVjdG9yeSI6IkRPTUFJTiIsImV4cCI6MTU5MDc1ODg0N30.eEgQ8WLL3dLxmjuDcxaCig9CKKXd0HVgnOH6CG0qGYyA_uhKChSFyZwDF7w5R0MpquBviipEt-lMLr4rwxP5xJ8KN01HATbJK0UHrBWx_RUiEeItkDtALNn-Iq5JdEqk6UjNN0VH8UrRdU01k1jguIQNYCILvpS_klcTkbWc0_Qd_PkH3zf_96FNGRM-h3M2alHYEytGW2Tl46K-hp3jDLWViICANPWgJHwlIqeuA8o8Ejbg0UzGy3OKpiKpzDF07zPcwPIqNEAr3B-gfVEiO1KqtapWJhQqecxCH2WvucDc9zHimhPNCLmi4RQ4oeaG0iaYTEtBtkbJDGY8eYf7Hw
PAYLOAD:
{
"userId": "Administrator",
"userDirectory": "DOMAIN",
"exp":1590758847
}
Step 3: Modify each of the REST connection:
Before
CUSTOM CONNECT TO "provider=QvRestConnector.exe;url=https://localhost/qrs/app/full;timeout=900;method=GET;autoDetectResponseType=true;keyGenerationStrategy=0;authSchema=ntlm;skipServerCertificateValidation=true;useCertificate=No;certificateStoreLocation=LocalMachine;certificateStoreName=My;trustedLocations=qrs-proxy%2https://localhost:4244;queryParameters=xrfkey%20000000000000000;addMissingQueryParametersToFinalRequest=false;queryHeaders=X-Qlik-XrfKey%20000000000000000%1User-Agent%2Windows;PaginationType=None;"
After:
CUSTOM CONNECT TO "provider=QvRestConnector.exe;url=https://localhost/jwt/qrs/app/full;timeout=900;method=GET;autoDetectResponseType=true;keyGenerationStrategy=0;authSchema=anonymous;skipServerCertificateValidation=true;useCertificate=No;certificateStoreLocation=LocalMachine;certificateStoreName=My;trustedLocations=qrs-proxy%2https://localhost:4244;queryParameters=xrfkey%20000000000000000;addMissingQueryParametersToFinalRequest=false;queryHeaders=X-Qlik-XrfKey%20000000000000000%1Authorization%2Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJBZG1pbmlzdHJhdG9yIiwidXNlckRpcmVjdG9yeSI6IkRPTUFJTiJ9.kimatrXjNq_O765XOgfOs4XgZLLObtv50rnexT2IvxxPGTdhzxabcsp0Dg0MMRkH_Rzs129dnY_Ec5guIYqJYItbe_azm7adKsCFfO2pEF9qLY7dLp25WB3EQwk0VKxp7pC-sEMydSHME1EdWjCe24pISJco-N2-3yGCFb9uAgu2Q86jq41KRb-To4XOCLxiLWYCe1YJc0wa86F4Yzs4ryflauYevQT9UeE3gYJBHadrocAVFM2D6is5rmGnjfRzVQFY-jxLBccRNOSpfhNnvPZ56CpzkMAR93Abf-Uobda8GYyMdkVoQLxRFYP7r7mLbGaamCwUIApcHtUc7b3LEg;PaginationType=None;"