Editing virtual proxy
You can edit an existing virtual proxy.
Do the following:
-
Select Virtual proxies on the QMC start page or from the StartS drop-down menu to display the overview.
-
Select the virtual proxy that you want to edit and click Edit in the action bar. You can only edit virtual proxies for one proxy at a time.
-
Edit the properties in the Virtual proxy edit window:
The Identification property group contains the basic virtual proxy properties in the Qlik Sense system.
All fields are mandatory and must not be empty.
Property Description Default value Description
The description of the virtual proxy. Blank Prefix The path name in the proxy’s URI that defines each additional path. Example:
https://[node]/[prefix]/
You can only use characters that can be part of a URI path.
You can use slashes (/), but the prefix cannot begin nor end with a slash. Hash signs (#) cannot be used.
Blank Session inactivity timeout (minutes) The maximum period of time with inactivity before timeout. After this, the session is invalid and the user is logged out from the system.
30 minutes Session cookie header name The name of the HTTP header used for the session cookie. This value is blank by default and you must enter a value.
Tip noteIt can be useful to include the value of the Prefix property above as a suffix in the cookie name.Blank The Authentication property group contains the authentication method properties for the virtual proxies in the Qlik Sense system.
Property Description Default value Anonymous access mode How to handle anonymous access:
- No anonymous user
-
Allow anonymous user
- Always anonymous user
No anonymous user Authentication method
- Ticket: a ticket is used for authentication.
- Header authentication static user directory: allows static header authentication, where the user directory is set in the QMC.
- Header authentication dynamic user directory: allows dynamic header authentication, where the user directory is fetched from the header.
- SAML: SAML2 is used for authentication.
Ticket Header authentication header name The name of the HTTP header that identifies users, when header authentication is allowed. Mandatory if you allow header authentication (by selecting either Header authentication static user directory or Header authentication dynamic user directory for the Authentication method property).
Information noteHeader authentication only supports US-ASCII (UTF-8 is not supported).Blank Header authentication static user directory The name of the user directory where additional information can be fetched for header authenticated users. Mandatory if you allow static header authentication (by selecting Header authentication static user directory for the Authentication method property).
Blank Header authentication dynamic user directory Mandatory if you allow dynamic header authentication (by selecting Header authentication dynamic user directory for the Authentication method property). The pattern you supply must contain ‘$ud’, ‘$id’ and a way to separate them.
Example setting and matching header:
$ud\\$id – matches USERDIRECTORY\userid (backslashes must be escaped with an additional \)
$id@$ud – matches userid@USERDIRECTORY ($id and $ud can be in any order)
$ud:::$id – matches USERDIRECTORY:::userid
Blank Windows authentication pattern The chosen authentication pattern for logging in. If the User-Agent header contains the Windows authentication pattern string, Windows authentication is used. If there is no matching string, form authentication is used.
Windows Authentication module redirect URI When using an external authentication module, the clients are redirected to this URI for authentication. Blank (default module, that is Windows authentication Kerberos/NTLM) SAML host URI The server name that is exposed to the client. This name is used by the client for accessing Qlik services, such as the QMC.
The server name does not have to be the same as the machine name, but in most cases it is.
You can use either http:// or https:// in the URI. To be able to use http://, you must select Allow HTTP on the edit page of the proxy that the virtual proxy is linked to.
Mandatory if you allow SAML authentication (by selecting SAML for the Authentication method property).
Blank SAML entity ID ID to identify the service provider. The ID must be unique.
Mandatory if you allow SAML authentication (by selecting SAML for the Authentication method property).
Blank SAML IdP metadata The metadata from the IdP is used to configure the service provider, and is essential for the SAML authentication to work. A common way of obtaining the metadata is to download it from the IdP website.
Click the browse button and open the IdP metadata .xml file for upload. To avoid errors, you can click View content and verify that the file has the correct content and format.
The configuration is incomplete without metadata.
SAML attribute for user ID The SAML attribute name for the attribute describing the user ID.Name or friendly name can be used to identify the attribute.
Blank SAML attribute for user directory The SAML attribute name for the attribute describing the user directory. Name or friendly name can be used to identify the attribute.If the name value is enclosed in brackets, that value is used as a constant attribute value: [example] gives the constant attribute value 'example'.
Blank
SAMLattribute signing algorithm The hash algorithm used for signing SAML requests. In order to use SHA-256, a third-party certificate is required, where the associated private key has the provider "Microsoft Enhanced RSA and AES Cryptographic Provider".
SAML attribute mapping Click Add new attribute to map SAML attributes to Qlik Sense attributes, and define if these are to be required by selecting Mandatory. Name or friendly name can be used to identify the attribute.If the name value is enclosed in brackets, that value is used as a constant attribute value: [example] gives the constant attribute value 'example'. The Load balancing property group contains the load balancing properties for the virtual proxies in the Qlik Sense system.
Property Description Default value Load balancing nodes Click Add new server node to add load balancing to that node. Blank The Advanced property group contains the advanced properties for the virtual proxies in the Qlik Sense system.
Property Description Default value Extended security environment
Enabling this setting will send the following information about the client environment in the security header: OS, device, browser, and IP.
If not selected, the user can run the same engine session simultaneously on multiple devices.
Blank Session cookie domain By default the session cookie is valid only for the machine that the proxy is installed on. This (optional) property allows you to increase its validity to a larger domain. Example:
company.com
Blank (default machine) Additional response headers Headers added to all HTTP responses back to the client. Example:
Header1: value1
Header2: value2
Blank Websocket origin white list All values added here are validated starting from the bottom level. If, for example, domain.com is added, this means that all values ending with domain.com will be approved. If subdomain.domain.com is added, this means that all values ending with subdomain.domain.com will be approved. Blank The Integration property group contains the integration properties for the virtual proxies in the Qlik Sense system.
Property Description Default value Session module base URI The address to an external session module, if any. Blank (default module, that is in memory) Load balancing module base URI The address to an external load balancing module that selects which Qlik Sense engine to use for the user’s session, if any. Blank (default module, that is round robin) The Tags property group contains the available QMC tags in the Qlik Sense system.
Property Description Tags Information noteIf no QMC tags are available, this property group is empty.Click the text box to be display a list of the available QMC tags. Start typing to reduce the list. Connected tags are displayed under the text box.
The Custom properties property group contains the custom properties in the Qlik Sense system. When a custom property has been activated for a resource, you can use the drop-down to select a custom property value.
Property Description Custom properties If no custom properties are available, this property group is not displayed at all (or displayed but empty) and you must make a custom property available for this resource type before it will be displayed here. -
Click Apply to save your changes. If a mandatory field is empty, Apply is disabled.
-
Edit the fields under Associated items.
Node The proxy name. Status One of the following statuses is displayed:
-
Running
The service is running as per normal.
-
Stopped
The service has stopped.
-
Disabled
The service has been disabled.
Tip noteClick ] in the Status column for more detailed information on the status.Service listen port HTTPS (default) The secure listen port for the proxy, which by default manages all Qlik Sense communication.
Information noteMake sure that port 443 is available for the Qlik Sense Proxy Service (QPS) to use because the port is sometimes used by other software, for example, web servers.Allow HTTP Status values: Yes or No.
Yes: Unencrypted communication is allowed. This means that both https (secure communication) and (http) unencrypted communication is allowed.
Service listen port HTTP The unencrypted listen port, used when HTTP connection is allowed.
Authentication listen port HTTPS (default) The secure listen port for the default (internal) authentication module.
Kerberos authentication Status values: Yes or No.
Yes: Kerberos authentication is enabled.
Authentication listen port HTTP The unencrypted authentication listen port, used when HTTP connection is allowed.
SSL browser certificate thumbprint The thumbprint of the Secure Sockets Layer (SSL) certificate that handles the encryption of traffic from the browser to the proxy.
Keep-alive timeout (seconds) The maximum timeout period for a single HTTP request before closing the connection. Protection against denial-of-service attacks. This means that if an ongoing request exceeds this period, Qlik Sense proxy will close the connection. Increase this value if your users work over slow connections and experience closed connections.
Max header size (bytes) The maximum total header size. Max header lines The maximum number of lines in the header. Audit activity log level Levels: Off or Basic (a limited set of entries)
Audit security log level Levels: Off or Basic (a limited set of entries)
Service log level Each level from Error to Info includes more information than the previous level. Audit log level More detailed, user-based messages are saved to this logger, for example, proxy calls.
Each level from Fatal to Debug includes more information than the previous level.
Performance log level All the performance messages are saved to this logger. For example, performance counters and number of connections, streams, sessions, tickets, web sockets and load balancing information.
Each level from Fatal to Debug includes more information than the previous level.
Security log level All the certificates messages are saved to this logger.
Each level from Fatal to Debug includes more information than the previous level.System log level All the standard proxy messages are saved to this logger.
Each level from Fatal to Debug includes more information than the previous level.Performance log interval (minutes) The interval of performance logging. REST API listen port The listen port for the proxy API. ID The ID of the proxy. Created The date and time when the proxy was created. Last modified The date and time when the proxy was last modified. Modified by By whom the proxy was modified. <Custom properties> Custom properties, if any, are listed here. SR Sort the list ascending or descending. Some columns do not support sorting.
. Type a string to filter on, or, when available, select a predefined value. All rows that match your filter criteria are displayed. You can filter on multiple columns simultaneously to narrow your search. If a filter is applied to a column, . is displayed.
To remove your criteria, click Actions in the table header bar and select Clear filters and search.
You can combine filtering with searching.
Edit Edit the selected proxy. Unlink Unlink a proxy service from the selected proxy.
Information noteA virtual proxy must be linked to a proxy service in order to work.P Link Link a proxy service to the selected proxy. Show more items The overview shows a set number of items by default. To show more items, scroll to the end of the list and click Show more items. Sorting and filtering of items is always done on the full database list of items, not only the items that are displayed.
-
-
Click Apply in the action bar to save your changes.
Information noteIn most cases, the proxy must be restarted when you apply changes to the virtual proxy. Sessions handled by the proxy, to which the virtual proxy is linked, are ended and the users are logged out. Changes to the following resources in the virtual proxy will not generate an automatic restart of the proxy: Tags, Custom properties, and Load balancing nodes.Successfully updated is displayed at the bottom of the page.
Learn more
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!