Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

Announcements
QlikWorld 2020: Join us May 11 - 14, 2020 in Phoenix, AZ. Register early and save $400. Learn More
Partner
Partner

Request a ticket for another user with the certificate of the root admin

Hello, dear Qlikers!

Suppose the following scenario: I am a QlikSense user, root admin, and I have a certificate exported through QMC. Now, I am using this certificate and my user to request a ticket in the name of another user by using the well know body in the request.

Request:

 

POST https://myqliksenseserver:4243/qps/myproxyprefix/ticket?xrfkey=blablabla12424

 

Body:

 

{
  "UserDirectory": "myqlikdomainname",
  "UserId": "anotheruser",
  "Attributes": [
    {
      "group": "value1a"
    }]
}

 

 

My questions are:

1. Is this possible to request a ticket for a user using another user's certificate?

2. What would be my settings in the Virtual Proxy configuration, regarding Redirect URI or another important setting?

3. If all works and I get the ticket, I can append that ticket at the end of a single configurator link for an object and the user in which name I request the ticket can consume it in 60 seconds? Will the constraints on the user's privileges, to see certain data, will apply? For example, will he see a blank visual if he doenst have privileges for the data behind the object?

I do mention that the request will be made from a C# app.

Thank you very much for any hints! Would help a lot!

Dearly,

Catalin

1 Reply
Mauritz_SA
Contributor III

Re: Request a ticket for another user with the certificate of the root admin

Hi there

I am no expert in this, but I can give you some pointers (and the real experts can point out if/where I am wrong).

1. The certificate is for the server, not a user. So I don't think there is something like a user's certificate - only one for the server. I guess you can personalise it by having a passphrase.

2. Not sure.

3. If you append the ticket to the URL then you have in essence authenticated that user (anotheruser in your case). When someone (it doesn't have to be you) uses that ticket they will be treated as if they are anotheruser. If there are security rules set up in the QMC that limits what the user anotheruser should see then those will be applied, but that is normally used for stream, app, sheet and sheet object access.

If you have implemented Section Access then the data that anotheruser will see will be reduced. This article is very nice for reading up on Section Access.

Hope this gets you going.

Mauritz