Header authentication is often used in conjunction with a Single Sign-On (SSO) system that supplies a reverse proxy or filter for authenticating the user.
The figure below shows a typical flow for authenticating a user using header authentication.
- The user accesses the system and authenticates to the reverse proxy.
- The reverse proxy injects the username into a defined HTTP header. The header must be included in every request to the Qlik Sense proxy service (QPS).
- The user is authenticated.
Information noteFor this solution to be secure, the end-user must not be able to communicate directly with the QPS but instead be forced to go through the reverse proxy/filter.
Information noteThe reverse proxy/filter must be configured to preserve the host name, that is, the host header from the client must not be modified by the reverse proxy/filter.
Tip noteThe name of the HTTP header used for the user can be configured in the Qlik Management Console (QMC).
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!