Problem getting Authentication - Sense using certificates to work
Closed this issue · 1 comments
Description
I have downloaded the example where authentication is done via certificates.
I have exported the pem files via the QMC
https://help.qlik.com/en-US/sense/June2018/Subsystems/ManagementConsole/Content/export-certificates.htm
I have modified the example to our settings.
Here is the code I'm trying with:
const enigma = require('enigma.js');
const WebSocket = require('ws');
const path = require('path');
const fs = require('fs');
const schema = require('enigma.js/schemas/12.20.0.json');
const engineHost = 'clsestolab01';
const enginePort = 443;
const appId = 'engineData';
const userDirectory = 'CLIMBER';
const userId = 'clman';
const certificatesPath = '../Cert';
const readCert = filename => fs.readFileSync(path.resolve(__dirname, certificatesPath, filename));
const session = enigma.create({
schema,
url: wss://${engineHost}:${enginePort}/app/${appId},
createSocket: url => new WebSocket(url, {
ca: readCert('root.pem'),
key: readCert('client_key.pem'),
cert: readCert('client.pem'),
headers: {
'X-Qlik-User': UserDirectory=${encodeURIComponent(userDirectory)}; UserId=${encodeURIComponent(userId)},
},
}),
});
session.open().then((global) => {
console.log('Session was opened successfully');
return global.getDocList().then((list) => {
const apps = list.map(app => ${app.qDocId} (${app.qTitle || 'No title'})).join(', ');
console.log(Apps on this Engine that the configured user can open: ${apps});
session.close();
});
}).catch((error) => {
console.log('Failed to open session and/or retrieve the app list:', error);
process.exit(1);
});
The result is the following error message:
Failed to open session and/or retrieve the app list: ErrorEvent {
target:
WebSocket {
domain: null,
_events:
{ open: [Object],
close: [Object],
error: [Object],
message: [Object] },
_eventsCount: 4,
_maxListeners: undefined,
readyState: 3,
protocol: '',
_binaryType: 'nodebuffer',
_closeFrameReceived: false,
_closeFrameSent: false,
_closeMessage: '',
_closeTimer: null,
_closeCode: 1006,
_extensions: {},
_isServer: false,
_receiver: null,
_sender: null,
_socket: null,
url: 'wss://clsestolab01:443/app/engineData',
_req: null },
type: 'error',
message: 'unable to get local issuer certificate',
error: { Error: unable to get local issuer certificate
at TLSSocket. (_tls_wrap.js:1105:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:639:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' } }
There isn't really that much that I have changed in the example code.
I'm wondering if the example code still works for you?
Or if you know how to solve the problem?
I found some posts on the net that said that something in NodeJs changed around version 4 or 5 that could cause this type of error.
Steps to Reproduce
- [Step one]
- [Step two]
- ...
Expected behavior
[What you expected to happen]
Actual behavior
[What actually happened]
Environment
Library
[X] Node.js
[ ] Browser
Operating system
[X] Windows
[ ] OSX
[ ] Linux
Qlik Sense
[ ] Desktop
[X] Enterprise
Versions
- Node.js: 8.11.3
- Browser: NA
- Qlik Sense: QlikSense June 2018
- Operating system: Windows Server 2016
- [Other relevant versions]
I finally got this working. The thing that I changed was const userDirectory = 'CLIMBER';
const userId = 'clman';. In the guide I was following (https://community.qlik.com/docs/DOC-19383) you set JWT attribute for User ID to UserId and JWT attribute for user directory to UserDirectory. If I would have set this to userId and userDirectory instead as you have in your example file it would have worked. Perhaps if the comment had explained that there is a correlation to what has been entered under virtual proxy in Sense I would have figured it out straight away.