9 Replies Latest reply: Mar 27, 2015 7:10 AM by Jeffrey Goldberg RSS

    Header authentication with PHP

      Hi,

       

      I'm attempting to implement Header Authentication. So does anyone have some PHP code for injecting headers then redirecting to https://qlikserver/HeaderProxPrefix/Hub?

      cURL injects but doesn't redirect rather return the content.

      Header() injects headers and redirects but seems omitting headers when redirecting.

      My two headers are the cross-site key (XrfKey) and the header name.


      Thanks,

      Amir.

        • Re: Header authentication with PHP
          Jeffrey Goldberg

          Amir,

           

          I think the issue is you are performing a redirect.  You need to create a new httprequest and add the headers.  From there you want to capture the response and output it to the browser.

           

          I don't know a lot about php, but the concept is the same as it is with asp.net or using something like Postman to test.

           

          The thing you need to remember is to supply a cert in the request as well or the connection won't be trusted and you may not be able to get the proper response in code.

           

          jg

          • Re: Header authentication with PHP

            Thanks Jeff. This is exactly what I am doing, retrieving the content, but that doesn't retrieve the css from resources folder in Qlik.

             

            Here is my php code:

            <?php $request = new HttpRequest('https://QlikServer/Prefix/hub?Xrfkey=abcdefg123456789', HttpRequest::METH_GET);

            $request->setHeaders(array('X-Qlik-Xrfkey' => 'abcdefg123456789','CMI_Header' => 'CMI\U1'));

            $request->setOptions(array('redirect' => 10));

            echo $request->send()->getBody(); ?>

             

            Above script inserts U1 to Users section in QMC. So that's why I don't think it may not be a certificate issue.
            My script also returns response pointing to Qlik resources like: http://reverseProxy/resources/assets/hub/hub.css, thus returning error (below screenshot). While hub.css exists in http://QlikServer/resources/assets/hub/hub.css. That's why I thought returning html content only (getbody() in above script) isn't correct.

             


            If I replace above URL with https://www.google.com it retrieves google's site html content (without pics though). If I put the URL https://QlikServer... directly to chrome it redirects to Qlik Hub.

             

            So any code in ASP.net for this?

             

            Many thanks.

            Amir.

            • Re: Header authentication with PHP

              The IP .128 is the server where my above php code is running (proxy server, not Qlik server).

              My above code inserts users to QMC user list, but doesn't seem to return full page contents (css, png, etc.).

              I didn't find in the httpRequest class (neither in cURL or Header()) a function to return the whole response, rather only the message. SetOptions: PHP: Request Options - Manual.

              That's why I thought maybe someone knows a function in some php, asp.net, etc that does it.

               

              Thanks,

              Amir.

                • Re: Header authentication with PHP
                  Jeffrey Goldberg

                  Amir,

                   

                  Here is a link to a sample page in .net.  It gets the ticket and then it does a response.redirect to the hub with the ticket appended.

                   

                  https://www.dropbox.com/s/fgckbwj5hvqp4ak/tickrequest.aspx?dl=0

                    • Re: Header authentication with PHP

                      Thanks Jeff! Very informative code. I see one button to request for ticket (with header), and another button to redirect with a sole URL parameter (no headers). I am looking for SSO with header authentication. So do I use your code as:

                      HttpWebRequest request = (HttpWebRequest)WebRequest.Create(
                      "https://QlikServer/Prefix/hub?Xrfkey=abcdefg123456789");

                                  request.ContentType = "application/json";

                                  request.Method = "POST";

                                  request.Accept = "application/json";

                                  request.Headers.Add("X-Qlik-Xrfkey", "0123456789abcdef");

                                  request.Headers.Add("CMI_Header", "CMI\UI");         

                                  HttpWebResponse response = (HttpWebResponse)request.GetResponse();

                              Stream stream = response.GetResponseStream();

                                  return stream != null ? new StreamReader(stream).ReadToEnd() : string.Empty;

                      If so, how do I redirect then to the hub or how do I display the response back from the hub to the browser after returning the stream? Sorry I am not expert in ASP.net.

                       

                      Thanks,

                      Amir.

                        • Re: Header authentication with PHP
                          Jeffrey Goldberg

                          I think instead of redirecting to the hub, you output the response to the browser.  You are already creating a request to the hub with the headers, therefore, you should get a response letting you in.  I'll have to play around with it to give you an updated sample. You have to make sure to include the certificate in the request.

                           

                          jg

                    • Re: Header authentication with PHP

                      I appreciate it. Looking forward for it.
                      Side question: How do I include the certificate in the request? I tried your code and the CertificateFoo is null.

                        • Re: Header authentication with PHP
                          Jeffrey Goldberg

                          If you are getting null response on the certificate it means that the certificate lookup in the code is not finding the specified certificate to include in the request in your cert store.

                           

                          I have my QlikClient cert in the personal folder of the local machine store.  You may not have the cert imported which is something you will want to do.  If you do, maybe it is in personal folder of current user store.  If that is the case you will want to change the reference in the cert lookup to point to Storename.CurrentUser.

                           

                          jg