16 Replies Latest reply: Sep 7, 2017 2:59 PM by Michal Pinka RSS

    Qlik sense SSO logout API

      Hi

       

      We have integrated Qlik Sense Hub into our application via Virtual Proxy with SAML based authentication.

       

      I am able to log on to hub and able to view apps and do actions as per security rule perfectly good. Now when I logout on my application,I would like to logout the session from Qlik sense as well.

       

      Is there any api that I can make use of to logout.

       

      We also support multiple session for a single login. i.e., Same user can login from different location

       

      How do I get to logout the user from Qlik in such cases?

       

      Thanks

        • Re: Qlik sense SSO logout API
          Adnan Rafiq

          Hi Mahendra,

          Sorry to put an unwanted comment, but I have some issue where i feel you can help me.

           

          I have been trying to apply SAML integration for while but was unable to do so other than onelogin.

          did you performed SAML integration on standard application like sales force etc or customized application?

           

          Thanks  alot in advance.

          • Re: Qlik sense SSO logout API
            Lars-Goran Book

            Hi,

            You should use the Qlik Sense Proxy API, but be sure to use the same session.

            https://help.qlik.com/en-US/sense-developer/2.0/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-ProxyServiceAPI-Logout-Delete-User.htm?_ga=1.53820072.1056473090.1456404673

             

            Here some C# code that might help.

               var serverPath = this.ServerUri + "/qps";

             

               if (!string.IsNullOrEmpty(this.VirtualProxyPath))

             

              serverPath += this.VirtualProxyPath;

             

               var request = (HttpWebRequest)HttpWebRequest.Create(serverPath + "/user");

             

              request.CookieContainer = new CookieContainer();

             

               foreach (var cookie in allCookies)

             

              request.CookieContainer.Add(new Uri(serverPath), cookie);

             

              request.Method = "DELETE";

             

             

             

             

             

            Best Regards

            Lars-Göran Book

              • Re: Qlik sense SSO logout API
                Konrad Mattheis

                Hi Lars,

                 

                thanks for you code snippet, but this is only correct if you really use a virtual proxy. The Qlik Sever don't want for example 2 slahes in the URI. You have to set the / in the check of the VirtualproxyPath

                Here is my Extensionmethod for the location class:

                 

                    public static class LocationExtensions_akquinet
                    {
                        private static Logger logger = LogManager.GetCurrentClassLogger();
                
                        public static bool LogoutUser(this ILocation location)
                        {
                            try
                            {
                                var serverPath = location.ServerUri + "qps";
                
                                if (!string.IsNullOrEmpty(location.VirtualProxyPath))
                                    serverPath += "/"+location.VirtualProxyPath;
                
                                var request = (HttpWebRequest)HttpWebRequest.Create(serverPath + "/user");
                
                                request.CookieContainer = new CookieContainer();
                                foreach (var cookie in location.CustomUserCookies)
                                    request.CookieContainer.Add(new Uri(serverPath), new Cookie(cookie.Key, cookie.Value));
                                var sc = location.SessionCookie().Split(new char[] { '=' });
                                request.CookieContainer.Add(new Uri(serverPath), new Cookie(sc[0], sc[1]));
                                request.Method = "DELETE";
                                request.GetResponse();
                
                                return true;
                            }
                            catch (Exception ex)
                            {
                                logger.Info(ex);
                                return false;
                   catch (Ex
                            }
                        }
                    } 
                

                 

                bye

                Konrad

                  • Re: Qlik sense SSO logout API
                    VISHAL GAURAV

                    Thanks for the snippet Konrad. I assume this code has to be executed from a server where qlik client certificate is already installed.

                    Lets assume we have a web socket connection , already authenticated. Can we direct call qps api from javascript for terminating the user session.

                     

                    Thanks

                    -Vishal

                  • Re: Qlik sense SSO logout API
                    Jean Philippe Golay

                    Hi Lars

                    Konrad advice me to contact you  about a question:

                    I want to pass a X.509 client certificate to the .NET api in order to avoid having to register the root certificate in certmgr.

                    My idea is to store the certificates in the Version Manager repos database and distribute them through the http web requests. In Rest it is possible (restClient.ClientCertificates.Add(mQsHub.QsX509certificate);) but in .NET is there a hack in the api to allow this?
                    Thanks

                      • Re: Qlik sense SSO logout API
                        Lars-Goran Book

                        Hi,
                        In the current version there is no way to supply the certificate to the SDK. A possible solution is to write an extension method that take the certificate as an parameter an stores it as a root certificate. See Working with Certificates

                         

                        Best regards
                        Lars-Göran Book

                          • Re: Qlik sense SSO logout API
                            Konrad Mattheis

                            Hi  Lars-Göran,

                             

                            please have a look at this Support Case: 00891931 - Docu BUG for

                            I think that the Docu is wrong, if you check what the sense web client is doing.

                             

                            1. this reflects in a wrong behauvior of the .NET SDK because you implemented this like documented

                            2. I found out it is even more easy

                                (location as IDisposable).Dispose() is doing at least since .NET SDK 3.0.1 the same thing, if it would implemented right.

                             

                            ebiexperts you can not read the bug ticket, but the right order is:URL/virtualproxy/qps/user/

                             

                            This is the new corrected function:

                             

                             

                            public static class LocationExtensions_akquinet  
                            {  
                                private static Logger logger = LogManager.GetCurrentClassLogger();  
                            
                                public static bool LogoutUser(this ILocation location)  
                                {  
                                    try  
                                    {  
                                        var serverPath = location.ServerUri.AbsoluteUri;
                            
                                        if (!string.IsNullOrEmpty(location.VirtualProxyPath))
                                            serverPath += location.VirtualProxyPath+@"/";
                            
                                        var request = (HttpWebRequest)HttpWebRequest.Create(serverPath + @"qps/user");
                            
                                        request.CookieContainer = new CookieContainer();  
                                        foreach (var cookie in location.CustomUserCookies)  
                                            request.CookieContainer.Add(new Uri(serverPath), new Cookie(cookie.Key, cookie.Value));  
                                        var sc = location.SessionCookie().Split(new char[] { '=' });  
                                        request.CookieContainer.Add(new Uri(serverPath), new Cookie(sc[0], sc[1]));  
                                        request.Method = "DELETE";  
                                        request.GetResponse();  
                            
                                        return true;  
                                    }  
                                    catch (Exception ex)  
                                    {  
                                        logger.Info(ex);  
                                        return false;  
                            catch (Ex  
                                     }  
                                 }  
                             }   
                            

                             

                             

                            bye Konrad

                        • Re: Qlik sense SSO logout API
                          VISHAL GAURAV

                          Hi Lars,

                           

                          I have used qps  personal api (https://help.qlik.com/en-US/sense-developer/2.0/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-ProxyServiceAPI-Personal-Delete.htm) and called /{virtual proxy}/qps/user after setting the cookie named which is set up in the virtual proxy (X-Qlik-Session).

                           

                          Its tearing down all sessions of the user and behaving like Logout API (https://help.qlik.com/en-US/sense-developer/2.0/Subsystems/ProxyServiceAPI/Content/ProxyServiceAPI/ProxyServiceAPI-ProxyServiceAPI-Logout-Delete-User.htm)

                           

                          I don;t have session Id of the user and can not call the session module API to tear down the specific user session.

                           

                          Can you help me with this. I just want to terminate the particular session.