Qlik Sense Header Authentication 401 Error

Sonja_Bauernfeind · Jun 21, 2021 1:46:14 PM

When setting up Header Authentication in Qlik Sense, the browser displays a 401 Error, "Could not authenticate the request: Expected an authentication header".

Environments:

Qlik Sense, all versions

Resolution:

This error means that the browser is not sending the required authorization headers.

For example, given a Virtual Proxy configuration as follows:

Setting	Value
Prefix	dynamic-header-auth
Authentication Method	Header authentication dynamic user directory
Header authentication header name	my-header
Header authentication dynamic user directory	$ud\\$id

Given a server with name qlikserver1.domain.local, this virtual proxy would be accessed at https://qlikserver1.domain.local/dynamic-header-auth/hub with the header my-header: some-user\some-domain.

Testing with the ModHeader Extension for Chrome:
In the below example, the "ModHeader" Chrome browser extension is used to inject the headers. If the headers are not provided, then the error "Could not authenticate the request: Expected an authentication header" is thrown.

Testing with Powershell:
You can use Powershell's Invoke-WebRequest method to verify this functionality as well, if you do not want to or are not able to install Chrome or the ModHeader extension.

$hdrs = @{}
$hdrs.Add("my-header","some-domain\some-user")
$url = "https://qlikserver1.domain.local/dynamic-header-auth/hub"
Invoke-WebRequest -Uri $url -Method Get -Headers $hdrs

An example successful response:

StatusCode        : 200
StatusDescription : OK
Content           : <!doctype html>
                    <html lang="en">...

An example error response:

Invoke-WebRequest : <!doctype html>
<html>
    <head>
        <meta charset="utf-8"/>
        <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
        <meta name="google" value="notranslate"/>
        <title>401 - Http code: 401</title>....

Qlik does NOT support the 3rd party software mentioned and used in this documentation. Please use them at your own discretion and, if concerned, contact the proper IT team within your company to verify the ability to use non-Qlik related software in the environment.?

These examples/code are made available "AS IS" without warranty of any kind. Qlik support agreement does NOT cover support for this code, please use at your own discretion and, if concerned, contact the proper IT team within your company.

abadreamer · ‎2020-09-04

problem in this post is that this chrome extension sets the header in all requests not only in the first request , which can't be done if you are trying to implement this behavior from a mobile app web view

Normally you should set the header in first request and then in subsequent child requests qlik should depend on the value provided in the session cookie

david_kesselhei · ‎2020-10-28

I am trying to reverse proxy an app with header authentication and I am having this issue (using nginx). It works with the named extension but not when using nginx. Anybody an idea?

Sonja_Bauernfeind · ‎2020-11-03

Hello @david_kesselhei For better visibility, I would recommend heading over to our Qlik Sense Integration forums and post your question there, including any and all supporting information that you can gather (screen caps/log files, etc).

Qlik Sense Header Authentication 401 Error

Qlik Sense Header Authentication 401 Error

Resolution:

Integration and Embedding