Qlik Community

Qlik Sense Enterprise Documents

Documents for Qlik Sense related information.

Qlik Sense 1.1: Set Up Header Auth Virtual Proxy

Not applicable

Qlik Sense 1.1: Set Up Header Auth Virtual Proxy

A document for setting up Qlik Sense 1.1 Virtual Proxies.  The attached document walks through the steps to configure a virtual proxy and test connectivity with Fiddler and Postman Chrome Extension.

Comments
korsikov
Valued Contributor II

Hice. That would also describe simple authentication module, such as for users with xls file

Not applicable

Alexander, on it's way hopefully later today!

matteoacn
New Contributor II

Thanks Jeffrey, very usefull document. Do you know if anything is change for Qlik Sense 3.x version? I'm trying to configure header integration with a reverse proxy in Qlik Sense 3.0.2, but I'm experiencing some issues.

API check through postman is ok, the header check using fiddler fails: the Hub can be reached, but the user seems not be recognized (it does not appear on the left at the top of the page) and the apps, which are showed, cannot be opened (A generic error is showed).

Thank you in advance!

Not applicable

Hi Matteo, make sure you have added the hostname you are connecting to Qlik Sense with to the host white list of the virtual proxy config.

I haven't played with header auth in a long time (hence the old revision of this doc).

The key thing with header authentication is the header needs to be persisted and sent with every request to the Qlik Sense proxy or the connection will be severed.

jg

matteoacn
New Contributor II

Thanks Jeffrey.

We've identified the problem and solved it. We have verified that the reverse proxy injected the header not only into the http/https but also into WEBSOCKET requests, the authentication worked! (As you said, the header need to be sent with every request)

Fiddler has not been useful, we used "Modify Header Value (HTTP Headers)" Firefox extension to correctly inject header.


wonoh0817
New Contributor III

Hi Matteo,

Can you please share how you solved your problem? We are having the some issue with the header injection with our reverse proxy server in Sense 3.1.1. Any help will be highly appreciated.

santhyamuthu
New Contributor

Hi Jeff,

Am trying to check some APIs using windows authentication through Postman. I keep getting XSRF error messages. ''

I hit this link https://servername/qrs/stream/full

It prompted me for my Windows username and password and then returned me this

https://servername/qrs/stream/full?qlikTicket=Z5Hh6bmxJA55jCRv

with an error message 'XSRF prevention check failed. Possible XSRF discovered'

The certificates are placed in the right placeholders and I had tried adding an explicit Xrfkey string as well. Did not work either way. Could nt get my head around the authentication module. Please help me understand

Proxy Logs had this error message

"

5020161221T083317.152+0000WARN<servername>System.Proxy.Proxy.DefaultModules.Authentication.WindowsAuthenticationRequestHandler19cf5e4bac-70f6-4815-a987-36b485571436Domain\UsernameFailed to acquire user principal name from directory servicesThe user name or password is incorrect.↵↓   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)↵↓   at System.DirectoryServices.DirectoryEntry.Bind()↵↓   at System.DirectoryServices.DirectoryEntry.get_AdsObject()↵↓   at System.DirectoryServices.PropertyValueCollection.PopulateList()↵↓   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)↵↓   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)↵↓   at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()↵↓   at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()↵↓   at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()↵↓   at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()↵↓   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)↵↓   at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)↵↓   at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)↵↓   at Proxy.DefaultModules.Authentication.WindowsIdentityExtensions.GetUserPrincipalName(WindowsIdentity windowsIdentity, String userDirectory)↵↓   at Proxy.DefaultModules.Authentication.WindowsAuthenticationRequestHandler.ParseUser(HttpListenerContext context)cf5e4bac-70f6-4815-a987-36b485571436

"

The servers are built in a different domain and users are hosted in a different domain

Thanks,

Santhya

rajeshvaswani77
Valued Contributor III

Hi Jeff,

I am using the App uploader that you have uploaded on Git Hub. Get the below error:

An unhandled exception of type 'System.Exception' occurred in QRSAPI_Manage.exe

Additional information: Couldnt connect to the server at https://iacwin12 , check that the Proxy and QRS are running.

Have used the stable version of Qlik libraries. please do let me know.

Thanks,

Rajesh Vaswani

Not applicable

Rajesh, this project is not up to date and is not maintained.  In addition, this question is off topic to the original posting.  You may want to check Branch for other projects related to uploading or importing apps to server.  Is there a reason why you do not want to use the import capabilities in the QMC?

Not applicable

santhyamuthu‌, you are not supplying the xrfkey in the request.  That is why you are receiving the xsrf prevention message.  Please review page six of the document at the top of this page.  In addition, is there a reason why you are performing windows auth when this post is about header auth?

jg

Version history
Revision #:
1 of 1
Last update:
‎03-18-2015 03:12 PM
Updated by: