Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
niceqlik
Partner - Contributor III
Partner - Contributor III
‎2016-03-25 09:55 AM

How to establish a secure web socket connection (wss://) using Qlik Engine API ?

Hi everybody,

I have found a nice article describing how to consume Qlik Engine API by making use of Web Sockets.

http://sentienttidbits.blogspot.com.tr/2014/09/a-simple-websocket-client.html

This example is using Qlik Sense Dekstop so that it doesn't have to worry about authentication because in Desktop basically there is only one user that can use the API.

But how about using Qlik Sense Server's web socket layer? It sounds to me that we need to use wss:// and some sort of certificates for making API calls but couldn't find a way.

All I want to do is to authenticate a user first somehow in a custom client application (using ticketing or etc.) and then use this very same user to fetch Qlik App Data (based on the security level it has) to be used in this application. 

10,738 Views
1 Solution

Accepted Solutions
Alexander_Thor
Employee
Employee
‎2016-03-29 09:54 AM

In response to Alexander_Thor

And to answer your question a bit more clearly,

If your user already is authenticated, i.e a session cookie exists then supply that cookie in the http upgrade request and the socket will open.

If your is not authenticated and you use ticketing, supply ?qlikTicket=<ticket> value to your wss://server/app/<enginesession> connection. This will consume the ticket and send a Set-Cookie header back containing your session cookie.

Another concept to look out for is what we refer to as the whitelist.
In Qlik Sense QMC under your virtual proxy we have something called the origin whitelist. Everytime a websocket connection is established (well the http upgrade to be technical) we verify the origin of that request against the whitelist to determain if you should be granted access. So make sure whatever service you are building has it's origin listed in the whitelist.

View solution in original post

7,089 Views
7 Replies
Not applicable
‎2016-03-29 04:09 AM

any idea or answer ?

7,089 Views
0 Likes
Øystein_Kolsrud
Employee
Employee
‎2016-03-29 05:22 AM

Are you using .Net for your development? If so, have you tried using the Qlik Sense .Net SDK? With that SDK you can connect as NTLM user like this:

var location = Location.FromUri(new Uri(<my Uri>));


location.AsNtlmUserViaProxy();


using (var hub = location.Hub())


{


  Console.WriteLine(hub.ProductVersion());


}

The documentation for the method can be found here: LocationExtensions.AsNtlmUserViaProxy Method

General information regarding getting started with the SDK can be found here: Qlik Sense .NET SDK ‒ Qlik Sense

7,089 Views
0 Likes
niceqlik
Partner - Contributor III
Partner - Contributor III
‎2016-03-29 06:07 AM
Author

In response to Øystein_Kolsrud

Hi Øystein, thanks for the reply.

Actually, i want to build a platform-independent solution.

I am aware of the .NET SDK but in the future, I may require to use Java or Objective-C to build native mobile apps.

So, i basically need to establish a secure web socket connection with some socket clients that are based on these environments.

Recently, i have found a utility based on Javascript. it makes sense to use it and it is working as exactly as i want.

https://github.com/mindspank/qsocks

But i still need to find out how i can adapt this utility into a generic solution so that i can use it when building let's say an Android app. In the following days, i will be working on this subject and will update this topic when there is an applicable solution.

7,089 Views
0 Likes
Alexander_Thor
Employee
Employee
‎2016-03-29 09:42 AM

In response to niceqlik

Hey Ismail,

You can just use qsocks as a starting point, the architecture will be pretty similar regardless of language.

I have used jetty for Java in the past which worked ok as a websocket client.

You probably won't find something that is generic enough to cross-compile between platforms but the code architecture will look the same.

7,089 Views
Alexander_Thor
Employee
Employee
‎2016-03-29 09:54 AM

In response to Alexander_Thor

And to answer your question a bit more clearly,

If your user already is authenticated, i.e a session cookie exists then supply that cookie in the http upgrade request and the socket will open.

If your is not authenticated and you use ticketing, supply ?qlikTicket=<ticket> value to your wss://server/app/<enginesession> connection. This will consume the ticket and send a Set-Cookie header back containing your session cookie.

Another concept to look out for is what we refer to as the whitelist.
In Qlik Sense QMC under your virtual proxy we have something called the origin whitelist. Everytime a websocket connection is established (well the http upgrade to be technical) we verify the origin of that request against the whitelist to determain if you should be granted access. So make sure whatever service you are building has it's origin listed in the whitelist.

7,090 Views
niceqlik
Partner - Contributor III
Partner - Contributor III
‎2016-03-29 10:01 AM
Author

In response to Alexander_Thor

Many thanks Alexander,

This is exactly what i need to hear to learn about the underlying mechanism. The key point for me is to get the current session or create a new one.

So, now i can use whatever technology i want to reach the same goal

Sincerely,

7,089 Views
0 Likes
Anonymous
Not applicable
‎2017-10-04 05:46 AM

In response to Alexander_Thor

I have implemented authentication, but still I am getting websocket connection failed error. If I whitelist my client host in virtual proxy, it works fine. Could you please let me know, what is that I am missing

7,089 Views
0 Likes