I’m currently attempting to connect Qlik Sense to my React application to incorporate mashups. However, I’m facing a challenge with the authentication process. When users try to access the application, they are directed to the internal Windows authentication due to the event ‘OnAuthenticationInformation’ with ‘mustAuthenticate’ set to true. After they log in, they should return to the local app with a valid Qlik ticket, and ‘mustAuthenticate’ should not be true anymore. Nevertheless, I’m experiencing a problem where ‘mustAuthenticate’ remains true even after the successful login. Has anyone experienced this before or does anyone have suggestions on resolving it?
This usually comes down to how the authentication flow handles state between your React app and the Qlik server.
I hit something similar two years ago. Windows authentication would complete fine, but enigma.js wasn’t picking up the authenticated state properly.
What fixed it for me was adding a proper authentication check before starting the enigma connection. Don’t just rely on the OnAuthenticationInformation event - add a manual session validation step.
Try this: after the redirect back from Windows auth, make a simple REST call to your Qlik server to confirm the session’s actually authenticated before creating your enigma websocket connection. Hit /qrs/about or /sense/app to verify you can access resources.
Also check your IIS config if you’re on Windows. Sometimes the authentication modules don’t pass session context correctly to websocket connections, even when regular HTTP requests work fine.
The key is separating authentication validation from enigma connection setup. Don’t let enigma handle auth state - verify it’s working first, then connect.
This authentication loop happens when ticket validation works but the session context disappears during redirect. I’ve seen this with QlikSense Enterprise - the OnAuthenticationInformation event keeps firing even with valid credentials. Usually, it’s a timing issue. The enigma.js connection tries to establish before the authentication state fully loads. Try adding a small delay after redirect or validate the session explicitly before creating your enigma connection. Another common problem: virtual proxy config doesn’t handle the Windows auth return URL properly, which resets the session. Check your QMC logs during auth to see if tickets get invalidated right after creation. Sometimes, tweaking the session timeout values in virtual proxy settings fixes it.
yep, it seems like a session problem. make sure your server’s validating tickets properly - sometimes they get created but fail during redirects. also, verify your enigma settings for correct session management.
The Problem:
You’re experiencing an authentication loop when connecting your React application to Qlik Sense using mashups. After successful Windows authentication, the OnAuthenticationInformation event’s mustAuthenticate property remains true, preventing your application from proceeding. This suggests a problem with session management or context preservation between the Windows authentication redirect and the subsequent Qlik Sense connection.
Understanding the “Why” (The Root Cause):
The issue stems from a mismatch or breakdown in how authentication state is handled between your React application, the Windows authentication process, and the Qlik Sense server. While the Windows authentication might succeed and provide a valid Qlik ticket, this ticket’s context isn’t properly propagated or maintained during the redirect back to your React application. This leads to the Qlik Sense engine continuing to request authentication, even though a valid ticket exists. The problem lies in the flow of information between your client-side application, the external authentication, and the Qlik Sense server.
Step-by-Step Guide:
-
Explicit Session Validation Before Enigma Connection: Don’t rely solely on the
OnAuthenticationInformationevent. After the redirect from Windows authentication, make a separate API call to your Qlik Sense server to explicitly validate the user’s session before attempting to establish the Enigma.js connection. This call can be a simple request to a Qlik Sense resource like/qrs/aboutor/sense/app. A successful response confirms authentication. Only after this validation has succeeded should you proceed with creating the Enigma.js connection. -
Check Cookie Settings and Domain Configuration: Ensure your React application and the Qlik Sense server share the same domain or that your virtual proxy configuration in the Qlik Management Console (QMC) correctly handles cross-origin requests. Improper cookie settings or domain configurations can prevent the authentication cookie from being correctly set and shared between your application and the Qlik Sense server. Configure your virtual proxy settings in QMC to specifically allow your React application’s origin.
-
Review IIS Configuration (if applicable): If your Qlik Sense server uses Internet Information Services (IIS), check the IIS configuration to ensure that authentication modules correctly pass session context to WebSocket connections. Sometimes, standard HTTP requests succeed, but WebSocket connections lose session data during authentication handling.
-
Examine QMC Logs: During authentication, carefully review the QMC logs for clues. Look for any indications of the ticket becoming invalidated after creation, or any errors related to session management. This often reveals problems with how your configuration handles authentication responses.
Common Pitfalls & What to Check Next:
- Timing Issues: A small delay might be necessary after the redirect from Windows authentication to allow the authentication state to fully propagate before establishing the Enigma.js connection.
- Virtual Proxy Configuration: Verify that your virtual proxy is correctly configured to handle the redirect URL from Windows authentication. Misconfigurations can reset the session.
- Enigma.js Configuration: Double-check the
enigma.jsconfiguration to make sure it’s using the correct protocol and port for your Qlik Sense deployment. - Session Timeout: Review and adjust session timeout settings in your QMC to accommodate potential delays in the authentication flow.
Still running into issues? Share your (sanitized) config files, the exact command you ran, and any other relevant details. The community is here to help!
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.