Windows authentication with NGINX

morenoju · ‎2018-10-29

Hi all,

I'm trying to use Windows Authenticaton with an NGINX reverse proxy but I'm having the following problem:

The users type the address of the Qlik dashboards using the name of the domain, but the Qlik Server answers with the internal IP (https://172.11.22.33:4244'windows_authentication/?targetID=3f...). This is a problem, because that IP is not know. What I wanted was a response with the domain name to redirect the call to NGINX again.

Any idea on what to do to obtain the response using the domain name?

I'm attaching a diagram in case it helps to understand the issue.

Thanks,

Juan

ToniKautto · ‎2019-02-16

Generally I would suggest that you communicate with your Qlik Sense server over FQDN instead of IP address. This will make certificate trust and setup more likely to work.

What version of Qlik Sense are you using?
Redirect to port 4244 is not the behavior in latest version.

Your diagram is slightly misleading, in terms of that Qlik Sense never talks directly to the client, so the client should never receive references to your internal server IP or FQDN.
Qlik Sense is placed behind a reverse proxy (NGINX) in your scenario. It is the reverse proxies task to translate packages so that communication make sense on both sides.

I would suggest that you review the NGINX config.
- Only include one Qlik Sense node in NGINX config, if you have multiple nodes available
- Enable anonymous authentication in Qlik Sense
- Validate that client can successfully access Qlik Sense Hub through NGINX
- Add all Qlik Sense nodes in NGINX config, validate that load balancing and sticky session works as expected
- Enable Windows authentication in Qlik Sense, validate that everything still works

Related Topics