A document for setting up Qlik Sense 1.1 Virtual Proxies. The attached document walks through the steps to configure a virtual proxy and test connectivity with Fiddler and Postman Chrome Extension.
Thanks Jeffrey, very usefull document. Do you know if anything is change for Qlik Sense 3.x version? I'm trying to configure header integration with a reverse proxy in Qlik Sense 3.0.2, but I'm experiencing some issues.
API check through postman is ok, the header check using fiddler fails: the Hub can be reached, but the user seems not be recognized (it does not appear on the left at the top of the page) and the apps, which are showed, cannot be opened (A generic error is showed).
Hi Matteo, make sure you have added the hostname you are connecting to Qlik Sense with to the host white list of the virtual proxy config.
I haven't played with header auth in a long time (hence the old revision of this doc).
The key thing with header authentication is the header needs to be persisted and sent with every request to the Qlik Sense proxy or the connection will be severed.
We've identified the problem and solved it. We have verified that the reverse proxy injected the header not only into the http/https but also into WEBSOCKET requests, the authentication worked! (As you said, the header need to be sent with every request)
Can you please share how you solved your problem? We are having the some issue with the header injection with our reverse proxy server in Sense 3.1.1. Any help will be highly appreciated.
with an error message 'XSRF prevention check failed. Possible XSRF discovered'
The certificates are placed in the right placeholders and I had tried adding an explicit Xrfkey string as well. Did not work either way. Could nt get my head around the authentication module. Please help me understand
Failed to acquire user principal name from directory services
The user name or password is incorrect.↵↓
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)↵↓ at System.DirectoryServices.DirectoryEntry.Bind()↵↓ at System.DirectoryServices.DirectoryEntry.get_AdsObject()↵↓ at System.DirectoryServices.PropertyValueCollection.PopulateList()↵↓ at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)↵↓ at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)↵↓ at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()↵↓ at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()↵↓ at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()↵↓ at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()↵↓ at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)↵↓ at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)↵↓ at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)↵↓ at Proxy.DefaultModules.Authentication.WindowsIdentityExtensions.GetUserPrincipalName(WindowsIdentity windowsIdentity, String userDirectory)↵↓ at Proxy.DefaultModules.Authentication.WindowsAuthenticationRequestHandler.ParseUser(HttpListenerContext context)
cf5e4bac-70f6-4815-a987-36b485571436
"
The servers are built in a different domain and users are hosted in a different domain
Rajesh, this project is not up to date and is not maintained. In addition, this question is off topic to the original posting. You may want to check Branch for other projects related to uploading or importing apps to server. Is there a reason why you do not want to use the import capabilities in the QMC?
santhyamuthu, you are not supplying the xrfkey in the request. That is why you are receiving the xsrf prevention message. Please review page six of the document at the top of this page. In addition, is there a reason why you are performing windows auth when this post is about header auth?
