Skip to main content
The way to achieve your own success is the willingness to help somebody else. Go for it!

Configuring Qlik Sense Server to JWT Auth

No ratings
Showing results for 
Search instead for 
Did you mean: 
Partner - Creator II
Partner - Creator II

Configuring Qlik Sense Server to JWT Auth

  1. Login into QlikSense Management Console
  2. Optionally, configure the existing Central proxy to allow for HTTP connections also.
  3. Head over the MMC to view the certificates, and add the Certificates snap in for local computer as well as current user.
  4. Pick the certificate you inserted, or the one Qlik created when starting up. For simplicity, I used the one Qlik created. Open the certificate, and copy the thumbprint text, and save it. It would be used down the line.   
  5. Export the certificate, with all keys.
  6. Install OpenSSL.
  7. Place the exported certificate in a separate folder.
    1. Execute the below commands in a command prompt (in the folder).
      1. openssl.exe pkcs12 -in QlikClient.pfx -nocerts -out priv.pem
      2. openssl.exe rsa -in priv.pem -out priv.pem
      3. openssl.exe pkcs12 -in QlikClient.pfx -out privpub.pem
      4. openssl x509 -inform pem -in privpub.pem -pubkey -out pub.pem -outform pem
    2. Copy the public key to a text file to be used later.
  8. Head over to Virtual Proxies screen. Click on “Create New” and fill in the details. Be careful about the case, especially when filling in attributes.
    1. Identification
      1. Description: Description to identify the proxy in the virtual proxies screen
      2. Prefix: This would be the url on which user would access the application
        1. Example: default url: https://<server>/qmc
        2. Proxy prefix: jwt
        3. New url via proxy: https://<server>/jwt/qmc
    2. Authentication
      1. Anonymous access mode: No anonymous user
      2. Authentication mode: JWT
      3. JWT certificate: In the folder we used in step 7 above, open the file pub.pem in notepad or similar application, copy the entire text, and paste the same in the text area.
      4. JWT attribute for user ID: UserId
      5. JWT attribute for user directory: UserDirectory
    3. Click on Load Balancing and add the Server to be used by this proxy.
    4. Click Apply and save the new virtual proxy.
    5. By the end of this step, the virtual proxy screen should show our newly created proxy created, and linked to proxy service.
  9. Head to the users section in QMC, and create/select the user we wish to use with the proxy we created to test if it works as intended.
    1. Make a note of the user id, user directory, and any assigned roles.
  10. Open browser window, and open the site
    1. Segment 1: leave as is
    2. Segment 2: Update userid, user directory, and any attributes of the user (optional)
    3. Segment 3: Paste the public key or the certificate contents
    4. Segment 4: Paste the private key (this is only for testing the generated key)
    5. Segment 5: Make sure that this says “Signature verified”. If this shows otherwise, make necessary changes in the above segments.
  11. Install any tool to place requests to Qlik Sense server. I am using Postman.
  12. Open postman (or any tool that supports placing requests).
    1. Set the request to GET
    2. Paste the server url (ensure you have /jwt between server and target page).
      1. https://<server>/jwt/sense/app/<app id>
    3. Click on Headers
    4. Add a new header – Authorization
    5. Under the value enter as below
      1. Bearer <space> <encoded value from step 11 above>
  13. To ensure it is all working fine, verify the following:
    1. The response should not show a error 401, and/or a qlik page saying authentication failed at proxy.
    2. Ensure the response headers show valid values, and the body portion has valid HTML/data.
  14. That's it!
Partner - Contributor III
Partner - Contributor III

It is possible to configure an Authentication module redirect URI for JWT? 


Contributor III
Contributor III

Hi there,

we are facing the same issues (401-Http code: 401) as soon as the token is invalid.

Unfortunately there is no redirection and therefore there is no access except of a cache clearing.

Is there a solution or workaround?

Thank you and BR

Partner - Contributor II
Partner - Contributor II

Hi @sri_c003 , great article and thank your for sharing.

I followed every step, very carefully but I am still getting HTTP Error 400.

What could it be?

My environment: Qlik Sense Enterprise April/2020 under Windows Server 2016

Partner - Creator II
Partner - Creator II

@patrickalexsilvaThe document is about 3 years old; and not keeping up with latest developments on NPrinting front.

Contributor II
Contributor II

@flanfranco  and @jpar0511  , did you all ever find a solution to your issue of getting a 401 error after the token is invalid.


Version history
Last update:
‎2017-12-08 11:46 AM
Updated by: