Users interact with Qlik Sense using authenticated communication through one or more proxies. Information is transferred using cookies. The cookies are necessary regardless of authentication type used.
When using a web browser, the web browser sends a ticket to the proxy. The proxy then returns a cookie to the browser and this cookie is included in the communication with the Qlik engine.
When using a custom client, the client must set the cookie and provide it to the proxy.
Authentication is the procedure of verifying the identity and credentials of users wishing to access Qlik Sense. It can be done in various ways:
- Windows authentication using cookies
- HTTP header authentication using cookies and headers. Header authentication should only be used when custom authentication systems are used.
You can also extend with custom authentication modules.
- All traffic to Qlik Sense goes through the proxy.
- A user needs a valid cookie to authenticate.
- If no valid cookie is present:
- Qlik Sense redirects the user to an authentication module. This can be configured in the Qlik Management Console (QMC).
- The authentication module authenticates the user and instructs the proxy to set up a session.
- It either decides the cookie or lets the proxy generate one.
- In case of a browser client, it returns a one-time ticket to be sent to the proxy. The proxy then sets up the cookie.
- In case of a native client, it is still possible to use a ticket, but it is also possible to hand the cookie over directly.
- Since the typical client is a browser, the authentication module normally redirects the user back to the proxy, using a one time ticket.
Authorization is the procedure of granting or denying users access to resources. There are two systems of authorization in Qlik Sense:
- Access control
- Data reduction
One or more virtual proxies can run on the Qlik Sense Proxy Service (QPS), making it possible to support several sets of site authentication, session handling, and load balancing strategies on a single proxy node.
Proxy service APIs
The following Proxy Service APIs are available for authentication purposes:
- Session module API
- Authentication API
- Session API
- Personal API
- Logout API