Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

erik_wetterberg
Honored Contributor

Authentication from web app - best practices??

Hi,

Lately I have been working om integrating an existing web app with Qlik Sense using the Engine API. Unlike most of the cases I have worked on before this web app is not hosted by Qlik Sense, which means users might not be authenticated with Qlik Sense. So we have to handle authentication.

What we have done some far is that when we get a 'Not authenticated' error message we make a HTTP GET to the Qlik Sense server. This triggers a login dialog, which works well when we have 'Windows authentication pattern' set to 'Windows'. When we switch to 'Form' is does not work any more...

This leads to my question: what is best practices for this scenario?

  • is the HTTP GET a general pattern, or just when 'Windows authentication pattern' is windows?
  • is there a more general approach? If possible we would like something that works with different configurations.
  • what file/URL is recommended for the GET?
  • what about logging out? How can we do that?? I've seen that the built-in client uses a HTTP DELETE when you do a logout, is that the way to go??

Grateful for any help

Erik Wetterberg

Erik Wetterberg
https://extendingqlik.upper88.com/
3 Replies
Employee
Employee

Re: Authentication from web app - best practices??

Hi Erik,

Qlik Sense does not make any Authentication, instead it relies on an external Identity Provider (IdP). Windoes Authentication is the default IdP for QlikSense. If you don't want Windows as IdP, you need to replace it with something else. Let me suppose your application already makes authentication, in this case you can use it as IdP. Qlik Sense can relies on your authentication module using the custom authentication (JWT, Ticket, header, session, and son on)..

If you want to know more, have a read here (https://help.qlik.com/en-US/sense/June2018/Subsystems/PlanningQlikSenseDeployments/Content/Deploymen...)  for general informations and here (https://help.qlik.com/en-US/sense/June2018/Subsystems/PlanningQlikSenseDeployments/Content/Deploymen...) for the custom solution. And here (https://github.com/mhamano/qlik-session-auth) an example of Session authentication which probably suite the best your case

erik_wetterberg
Honored Contributor

Re: Authentication from web app - best practices??

Hi,

Thanks for the reply, but the help is more around 'how can I configure authentication in my Qlik Sense installation' while my question is more 'how can I authenticate from a web app to Qlik Sense'. Since this web app should potentially be used with different Sense installations, we want it to be as general as possible. We have a working solution that simply makes a HTTP GET, but we have just grabbed a file which we believe is in all Qlik Sense installtions - is this the way to go? This means that Qlik Sense does all tickets, cookies etc, which is great, but perhaps we need to handle that in our code?

As far as I understand the example it is a Node js solution, while we are working in the browser, which means we want the user to enter username/password or do whatever authentication procedure is necessary.

Erik Wetterberg

Erik Wetterberg
https://extendingqlik.upper88.com/
bentotdecruz2
New Contributor

Re: Authentication from web app - best practices??

Hi Erik,

May I ask how you manage to get a 'Not authenticated' message? Did you try to create a session using enigma, or you call some qlik url?  If I call https://qlikserver/qps/user, it will return "session: inactive".  So I guess you're calling in a different way to get a 'Not authenticated' message.


Also, you said when you get a 'Not authenticated' message, you do an http get to qlik server.  Does it mean you call https://qlikserver/proxy/hub?  Cause calling this will either show a login pop-up or a login page depending if you use Windows or Form.  But why do you still want qlik to serve the login page when you have your own webapp?  I thought you have your own login page.  Unless you set your own login page in "authentication module redirect uri".  But even if you did set it as redirect, once you login, you'll be served with the https://qlikserver/proxy/hub url because that is the target url.  Is that your intention, or you also have your own landing page after you login from your own login page?


Also, did you manage to solve this?  Would appreciate it if you could share how you did it.  Thank you.


Thanks,

Ben

Community Browser