Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION

Configuring Qlik Sense Server to JWT Auth

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
sri_c003
Partner - Creator II
Partner - Creator II

Configuring Qlik Sense Server to JWT Auth

Last Update:

Dec 8, 2017 11:46:12 AM

Updated By:

sri_c003

Created date:

Dec 8, 2017 11:46:12 AM

  1. Login into QlikSense Management Console
  2. Optionally, configure the existing Central proxy to allow for HTTP connections also.
  3. Head over the MMC to view the certificates, and add the Certificates snap in for local computer as well as current user.
  4. Pick the certificate you inserted, or the one Qlik created when starting up. For simplicity, I used the one Qlik created. Open the certificate, and copy the thumbprint text, and save it. It would be used down the line.   
  5. Export the certificate, with all keys.
  6. Install OpenSSL.
  7. Place the exported certificate in a separate folder.
    1. Execute the below commands in a command prompt (in the folder).
      1. openssl.exe pkcs12 -in QlikClient.pfx -nocerts -out priv.pem
      2. openssl.exe rsa -in priv.pem -out priv.pem
      3. openssl.exe pkcs12 -in QlikClient.pfx -out privpub.pem
      4. openssl x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem
    2. Copy the public key to a text file to be used later.
  8. Head over to Virtual Proxies screen. Click on “Create New” and fill in the details. Be careful about the case, especially when filling in attributes.
    1. Identification
      1. Description: Description to identify the proxy in the virtual proxies screen
      2. Prefix: This would be the url on which user would access the application
        1. Example: default url: https://<server>/qmc
        2. Proxy prefix: jwt
        3. New url via proxy: https://<server>/jwt/qmc
    2. Authentication
      1. Anonymous access mode: No anonymous user
      2. Authentication mode: JWT
      3. JWT certificate: In the folder we used in step 7 above, open the file pub.pem in notepad or similar application, copy the entire text, and paste the same in the text area.
      4. JWT attribute for user ID: UserId
      5. JWT attribute for user directory: UserDirectory
    3. Click on Load Balancing and add the Server to be used by this proxy.
    4. Click Apply and save the new virtual proxy.
    5. By the end of this step, the virtual proxy screen should show our newly created proxy created, and linked to proxy service.
  9. Head to the users section in QMC, and create/select the user we wish to use with the proxy we created to test if it works as intended.
    1. Make a note of the user id, user directory, and any assigned roles.
  10. Open browser window, and open the site https://jwt.io
    1. Segment 1: leave as is
    2. Segment 2: Update userid, user directory, and any attributes of the user (optional)
    3. Segment 3: Paste the public key or the certificate contents
    4. Segment 4: Paste the private key (this is only for testing the generated key)
    5. Segment 5: Make sure that this says “Signature verified”. If this shows otherwise, make necessary changes in the above segments.
  11. Install any tool to place requests to Qlik Sense server. I am using Postman.
  12. Open postman (or any tool that supports placing requests).
    1. Set the request to GET
    2. Paste the server url (ensure you have /jwt between server and target page).
      1. https://<server>/jwt/sense/app/<app id>
    3. Click on Headers
    4. Add a new header – Authorization
    5. Under the value enter as below
      1. Bearer <space> <encoded value from step 11 above>
  13. To ensure it is all working fine, verify the following:
    1. The response should not show a error 401, and/or a qlik page saying authentication failed at proxy.
    2. Ensure the response headers show valid values, and the body portion has valid HTML/data.
  14. That's it!
Comments
flanfranco
Partner - Contributor III
Partner - Contributor III

It is possible to configure an Authentication module redirect URI for JWT? 

CAS_JWT_REDIRECT.png

0 Likes
jpar0511
Contributor III
Contributor III

Hi there,

we are facing the same issues (401-Http code: 401) as soon as the token is invalid.

Unfortunately there is no redirection and therefore there is no access except of a cache clearing.

Is there a solution or workaround?

Thank you and BR
Jörg

patrickalexsilva
Partner - Contributor II
Partner - Contributor II

Hi @sri_c003 , great article and thank your for sharing.

I followed every step, very carefully but I am still getting HTTP Error 400.

What could it be?

My environment: Qlik Sense Enterprise April/2020 under Windows Server 2016

sri_c003
Partner - Creator II
Partner - Creator II

@patrickalexsilvaThe document is about 3 years old; and not keeping up with latest developments on NPrinting front.

0 Likes
cjcunningham
Contributor III
Contributor III

@flanfranco  and @jpar0511  , did you all ever find a solution to your issue of getting a 401 error after the token is invalid.

Thanks

0 Likes
Version history
Last update:
‎2017-12-08 11:46 AM
Updated by: