Issue connecting to remote QEA server

Question

Issue connecting to remote QEA server

opened this issue 8 years ago · comments

QSocks version: 2.1.14
Qlik Sense version: 2.2.3+Build:37.release/ms15

It appears as though a connection to a remote QEA will never complete the initial Connect() call.

In the this.ws.addEventListener('open', function open() { handler a request for product version is sent.

When the response comes back from the server, in the onmessage handler, it will not be completed because the product version call was never added to the pending queue (and thus the if (pending) { block never executed).

So, when qsocks.Connect() is called it will appear to the caller that the promise is never completed and no error is thrown.

Alexander Thor · Answer 1 · Wed Jun 01 2016 00:03:50 GMT+0800 (China Standard Time)

You are running a fairly old version of qsocks, I would consider upgrading.

And yes that is the correct behavior, for client connections qsocks sends a ProductVersion frame when the socket opens. That in turn will trigger a OnAuthenticationInformation frame to be sent by the server back. When this frame arrives there is check if you have to go authenticate or not and the promise resolves or rejects accordingly.

There is a special case for service connections that uses certificate auth and with a valid x-qlik-user header then the connection will resolve instantly.

Deleted user · Answer 2 · Wed Jun 01 2016 00:50:12 GMT+0800 (China Standard Time)

Thanks for the quick reply. I upgraded to 2.2.10.

For anybody playing along, yes, supplying a magic string for the X-Qlik-User header triggers the correct logic:

headers: {
    'X-Qlik-User': 'UserDirectory=Internal;UserId=sa_repository'
}

If that's not supplied, however, I do not see the OnAuthenticationInformation frame hitting the onmessage handler, which means that the promise never completes or fails. Can you replicate?

I'd expect either a 403 from the server, or a check to see if X-Qlik-User isn't there when a client cert is supplied. It looks like you already check to see if the client cert is there if the X-Qlik-User is supplied to checking the other case might make sense.

Alexander Thor · Answer 3 · Wed Jun 01 2016 01:27:08 GMT+0800 (China Standard Time)

Ah yea, I could probably do a check for it but it's kinda assumed you pass the X-Qlik-User header when using certificate authentication.

Btw, since you are authenticating your requests using the certificates you can pass whatever userdirectory and userid you want if you want to emulate for example user privileges.

But I'll add another check to the backlog, thanks!