Qlik Community

Ask a Question

Qlik Fix

Here you'll find the recordings of our Qlik Fix video series.

Announcements
Join this live chat April 6, 10AM EST - QlikView to Qlik Sense REGISTER

Qlik Fix: How to Enable and Test JWT Authentication on Qlik Sense

Andre_Sostizzo
Digital Support
Digital Support

Qlik Fix: How to Enable and Test JWT Authentication on Qlik Sense

Hammer Up 1000x340.png

This video is part of the Qlik Fix Video series. If you found this video useful, check out the other Qlik Fix Videos

This video will cover how to enable and test JSON Web Token (JWT) authentication on Qlik Sense.

Here is a link to more information in the Support Knowledge Base:

Qlik Sense: How to set up JWT authentication 

Video Transcript:

Hi and welcome to Qlik Fix!
This video will cover how to enable and test JSON Web Token (JWT) authentication on Qlik Sense.
The first step is to create a new Virtual Proxy which serves as the authentication component in Qlik Sense.
The Virtual Proxy needs a unique Name, Prefix, Session cookie header name, an Engine server to use, and to be linked to one of the available Proxy servers.
Under Authentication, pick JWT - commonly read as Jot - for Authentication method.
For the JWT Certificate we will use the Qlik Sense self-signed server certificate in PEM format. It can be found under this location.
Keep in mind that any certificate for which the Private Key is used to generate the JSON Web Token (JWT), can be used here.
The server certificate private key is also found here and will be used to generate the token.
Next, open the PEM formatted server certificate with a text editor and paste the content in the Virtual Proxy configuration.
We also need to configure JWT attribute for user ID and for user directory which will need to match the ones we configure when generating the token.
Save the settings and now for generating the token we can leverage the commonly used site jwt.io, as an example.
We will select the algorithm RS256, then add the userID and userDirectory attributes previously configured in the Virtual Proxy.
Make sure to set the values for these attributes to an intended licensed user that will be authorized access, then open the PEM formatted private key file and copy the content to the appropriate field on the website.
Notice how the JWT is generated when the Private Key in PEM format is added.
To validate the signature, we can add the PEM formatted server certificate in the appropriate field.
This confirms that the server cert configured in the Virtual Proxy should be able to validate the JWT signature as long as it is not an encrypted token and the algorithm used is either RS256, RS384, or RS512.
Now for testing we need to use the token when accessing the Hub or QMC.
In this example we will use Fiddler Classic version as it is a widely used tool.
It will allow us to inject the needed Security header and then inspect the request Headers.
First, ensure HTTPS decryption is enabled.
Then configure the Authorization header under the Filters tab as seen here. The JWT token is pasted after the word Bearer as shown here.
Start the Capture, and now when accessing the QMC or Hub using the configured Vitual Proxy prefix in the URL, the licensed user referenced in the token should be allowed access.
We can see in the Inspection tab where the header was injected and sent to the Qlik Sense server with the token.
Under the Auth tab the JWT as content of the Authorization Header should be displayed.
The same can be performed with the Fiddler Everywhere version after enabling HTTPS traffic decryption and adding the authorization header in a similar fashion.
Another and perhaps simpler alternative for testing is to use a Google Chrome extension such as Modheader which also injects the authorization header.
If you’d like more information,
Take advantage of the expertise of peers, product experts, and technical support engineers
by asking a question in a Qlik Product Forum on Qlik Community.
Or search for answers using the new SearchUnify tool.
It searches across our Knowledge Base, Qlik Help, Qlik Community, Qlik YouTube channels and more, all from one place.
Also check out the Support Programs space.
Here you can learn directly from Qlik experts via a Support webinar, like Techspert Thursdays.
And don’t forget to subscribe to the Support Updates Blog.
Thanks for watching.
Nailed it!

Attached is a downloadable .mp4 video file for those who cannot view YouTube videos.

#QlikSupport

Labels (1)
Attachments
Version history
Revision #:
1 of 1
Last update:
‎2021-01-29 10:15 AM
Updated by:
 
Contributors