Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

kishorj1982
Contributor II

Proxy configuration in qlik sense

Hi All,

I have queries as per below,

1.How proxy can be configured in qlik sense

2.How JWT can be configured.

thanks

8 Replies
awhitfield
Esteemed Contributor

Re: Proxy configuration in qlik sense

ujjawal1989
New Contributor II

Re: Proxy configuration in qlik sense

Hello Kishore,

Hope you are doing well!

You can use this article once and see if you can solve this. You have to use a cert and then you have to extract the private and public keys (open SSL could be an option) and then from you have to get the bearer token from JWT.IO by providing the header authentication (based on the user settings and attributes which you want to pass it in header). You have to create a separate VP in QLik sense with JWT authentication and then test that.

Let me know if any error which you see.

https://help.qlik.com/en-US/sense/April2018/Subsystems/ManagementConsole/Content/JWT-authentication....

Regards,

Ujjawal

kishorj1982
Contributor II

Re: Proxy configuration in qlik sense

Hi Ujjawal,

In our domain our identity is set in directory \username format.

Eg. My name id Kishorj and domain is sg then my identity is sg\kishorj.


Could you please suggest how to set above identity on jwt.io page.


Also, in qlik sense if I am retrieving users from excel not fromAD then in that case JWT is applicable?

(Note that we have same maintained organisation users in excel )

Please suggest



Thanks

ujjawal1989
New Contributor II

Re: Proxy configuration in qlik sense

Hello Kishore,

You have to open the website https://jwt.io and then payload should be this. You have to choose RSA256 as an algorithm and nothing should be changed under the "Header" section and along with this, you will have to extract the public and private key of that cert which you will have to paste it on the same website under those sections and then you have to copy the token and use it by adding "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJLaXNob3JlIiwidXNlckRpcmVjdG9yeSI6InNnIn0.rSWaQaDifWamWXOH_rP8AhIZvpdo3U1o_NMauMhGbGDyp2E9p3OW_G1IPAdknVJrRKxNexrALnqdzaBj2KHj9jAmgnNQCRybanOx9PPfVXyIa0BcsOlnCiIIyJxRWdeh_XcBGIt8uTY9Yugie02ovAlte3cPSPHHBs8TRGHiJqU" like this.

Above is just an example for you.

Question:-in qlik sense if I am retrieving users from excel not from AD then in that case JWT is applicable

Ans:- You can try that based on the attributes which you using while bringing the users in Qliksense. I used attributes "userId" and userDirectory, however, you might be using uid or anything else so you can try and test with that and see if that makes a difference.

{

  "userId": "Kishore",
  "userDirectory": "sg"
}

Regards,

Ujjawal

kishorj1982
Contributor II

Re: Proxy configuration in qlik sense

Hi Ujjwal,

Thanks for the response.

Currently in our server we have below format for tokens

domainame\\userid.

But in Qlik proxy configuration we can pass both the entities separately.

Do we need to maintain separate claims for both domainname and userid or

if possible could you please suggest what to do to het the claims by using above format.

I have attached my proxy settings and jwt signature screenshots in an attachment.

Thanks

kishorj1982
Contributor II

Re: Proxy configuration in qlik sense

Hi Ujjawal,

Could you please suggest me on this, or you can message me ur contact will communicate with you.

thanks

ujjawal1989
New Contributor II

Re: Proxy configuration in qlik sense

Hello Kishore,

I have seen that file. You are passing lots of information under payload however you should test it with userID and user directory first and see if that works.

And second, i see that new virtual proxy you configured is not correct.

Fix these below under new virtual proxy for JWT

1. you used prefix as jwt then session cookie header name should be x-qlik-session-jwt.

2. JWT attribute for user id should be this "userId" and directory "userDirectory" not the one which you mentioned and the please test it only with userID and userDirectory and see if you can authenticate with JWT hearder to qlik sense hub and then add more payload option which can be sent in JWT authentication.

Introduction to JWT (JSON Web Token) - Securing apps & services - YouTube

Thanks,

Ujjawal

kishorj1982
Contributor II

Re: Proxy configuration in qlik sense

Hi Ujjawal,

PFA.

We are using postman to communicate with the server.

Right now below is the scenario,

1.We are able to get the token from identity server(Other server).

2.But we can not  send it to Qlik sense Hub link in postman.

Please suggest.

Thanks

Community Browser