The ticket solution is similar to a normal ticket. The user receives a ticket after having been verified. The user then brings the ticket to Qlik Sense and, if the ticket is valid, is authenticated. In order to keep the tickets secure, the following restrictions apply:
- A ticket is only valid for a short period of time.
- A ticket is only valid once.
- A ticket is random and therefore hard to guess.
All communication between the authentication module and the Qlik Sense proxy service (QPS) uses Transport Layer Security (TLS) and must be authorized using certificates.
The figure below shows a typical flow for authenticating a user with tickets.
- The user accesses Qlik Sense.
- Qlik Sense redirects the user to the authentication module. The authentication module verifies the user identity and credentials with an identity provider.
- Once the credentials have been verified, a ticket is requested from the QPS. Additional properties may be supplied in the request.
- The authentication module receives a ticket.
- The user is redirected back to the QPS with the ticket. The QPS checks that the ticket is valid and has not timed out.
- A proxy session is created for the user.
- The user is now authenticated.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!