connectionSettings - qlik-oss/gopherciser GitHub Wiki
This section of the JSON file contains connection information.
JSON Web Token (JWT), an open standard for creation of access tokens, or WebSocket can be used for authentication. When using JWT, the private key must be available in the path defined by jwtsettings.keypath.
Keypairs are most easily created using openssl. The private key is used by gopherciser and the public key used to when configuring the Sense environment. If no Alg is defined it will default to RS512.
Supported signing algorithms in QSEoW Virtual proxy are: RS256, RS384, RS512. Elliptical curve algorithms are not supported in QSEoW virtual proxies.
# Generate a 4096 bit private key
openssl genrsa -out privatekey.pem 4096
# Generates a certificate valid for one year
openssl req -new -x509 -key ./keyfiles/rsa.key -out ./keyfiles/rsa.cer -days 365 The generated rsa.cer is what's used when creating the virtual proxy with JWT Authentication Method in QSEoW.
-
mode: Authentication mode-
jwt: JSON Web Token -
ws: WebSocket
-
-
jwtsettings: (JWT only) Settings for the JWT connection.-
keypath: Local path to the JWT key file. -
jwtheader: JWT headers as an escaped JSON string. Custom headers to be added to the JWT header. -
claims: JWT claims as an escaped JSON string. -
alg: The signing method used for the JWT. Defaults toRS512for RSA private keys if omitted.- For keyfiles in RSA format, supports
RS256,RS384,RS512,PS256,PS384andPS512. - For keyfiles in EC format, supports
ES256,ES384orES512. - For keyfiles in ed25519 format, supports
EdDSA
- For keyfiles in RSA format, supports
-
-
wssettings: (WebSocket only) Settings for the WebSocket connection. -
server: Qlik Sense host. -
virtualproxy: Prefix for the virtual proxy that handles the virtual users. -
rawurl: Define the connect URL manually instead letting theopenappaction do it. Note: The protocol must bewss://orws://. -
port: Set another port than default (80for http and443for https). -
security: Use TLS (SSL) (true/false). -
allowuntrusted: Allow untrusted (for example, self-signed) certificates (true/false). Defaults tofalse, if omitted. -
appext: Replaceappin the connect URL for theopenappaction. Defaults toapp, if omitted. -
headers: Headers to use in requests. -
maxframesize: (Default 0 - No limit). Max size in bytes allowed to be read on sense websocket.
"connectionSettings": {
"server": "myserver.com",
"mode": "jwt",
"virtualproxy": "jwt",
"security": true,
"allowuntrusted": false,
"jwtsettings": {
"keypath": "mock.pem",
"claims": "{\"user\":\"{{.UserName}}\",\"directory\":\"{{.Directory}}\"}"
}
}-
jwtsettings:
The strings for reqheader, jwtheader and claims are processed as a GO template where the User struct can be used as data:
struct {
UserName string
Password string
Directory string
}There is also support for the time.Now method using the function now.
-
jwtheader:
The entries for message authentication code algorithm, alg, and token type, typ, are added automatically to the header and should not be included.
Example: To add a key ID header, kid, add the following string:
{
"jwtheader": "{\"kid\":\"myKeyId\"}"
}-
claims:
Example: For on-premise JWT authentication (with the user and directory set as keys in the QMC), add the following string:
{
"claims": "{\"user\": \"{{.UserName}}\",\"directory\": \"{{.Directory}}\"}"
}Example: To add the time at which the JWT was issued, iat ("issued at"), add the following string:
{
"claims": "{\"iat\":{{now.Unix}}"
}Example: To add the expiration time, exp, with 5 hours expiration (time.Now uses nanoseconds), add the following string:
{
"claims": "{\"exp\":{{(now.Add 18000000000000).Unix}}}"
}connectionSettings": {
"server": "myserver.com",
"mode": "ws",
"security": true,
"virtualproxy" : "header",
"headers" : {
"X-Sense-User" : "{{.UserName}}"
}