Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE

QlikView Server: Request a ticket with Postman or Powershell

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Damien_Villaret
Support
Support

QlikView Server: Request a ticket with Postman or Powershell

Last Update:

Feb 17, 2022 8:45:10 AM

Updated By:

Sonja_Bauernfeind

Created date:

Mar 25, 2017 11:04:29 AM

This article explains how to request a ticket using GetWebTicket.aspx in QlikView Server.
It is strongly recommended to use IIS as the web server as it allows more granular settings for permissions.
GetTicket.aspx is deprecated in version 11.20 and higher. GetWebTicket.aspx should be used instead.

For more information regarding customized authentication, please see Customized Authentication in QlikView 11. If you need help on how to set up a custom authentication solution, please contact our consulting services.



Environment:

 

Resolution:

 

How to request a Ticket:

 

Postman

 

In order to request a ticket with Postman, you need to send the request to:

POST http://qlikviewserver/QvAJAXZfc/GetWebTicket.aspx

Body:

 

 

<Global method="GetWebTicket">
<UserId>DOMAIN\Administrator</UserId>
</Global>

 

 

(group attributes can also be included, see "customized authentication" documentation for details)

Expected result:

 

 

<Global>
    <_retval_>BZznfwTAjEshDu/k1QMwBFBXpAoYG9KYjzTGxy4g</_retval_>
</Global>

 

 



POST global getWebTicket.png

Also, include the authentication information:

New HTML Authentication BETA.png

 

 

Powershell

 

Note: If using Powershell to test locally on the machine, you need to allowlist the IPv6 address in addition to the IPv4 address. If making the call from another machine, this is not necessary.

$hdrs = @{}
$hdrs.Add("Cache-Control","no-cache")
$hdrs.Add("Content-Type", "text/plain")
$url = "http://YOURSERVER/QvAJAXZfc/GetWebTicket.aspx"
$body = '<Global method="GetWebTicket"><UserId>DOMAIN\USER</UserId></Global>'
$res = Invoke-RestMethod -Uri $url -Method Post -Body $body
$res.result.message
$res.global


Success:

_retval_
--------
lTEnbaCCTa/ebuzUiTc6zXPybVYLJuxtZ7IU9Kvo


Failure:

text
----
Invalid call

 

Directly from the browser

 

This is also possible to request the ticket directly from a browser. However note that based on the web server settings, it might not be allowed, regarding this point see article Web Ticket Stops Working After Upgrade To QlikView 12 From 11.20

http://qlikserver1.domain.local/QvAjaxZfc/GetWebTicket.aspx?cmd=<Global%20method="GetWebTicket"><Use...;




How to use the ticket:

Open a single document:
                        http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qvajaxzfc/opendoc.htm?document=document_path_and_name&back=/LoginPage.htm&webticket=ticket

Open a single document (IE Plugin):

 
 http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qvajaxzfc/AccessPoint.aspx?open=Path_to_document_with_=_sign_and_&_sign_that_are_url_encoded%26client%3DPlugin&back=/LoginPage.htm&webticket=ticket

Example> http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qvajaxzfc/AccessPoint.aspx?open=%26id%3DQVS%40qlikviewserver%7CMovies%20Database.qvw%26client%3DPlugin&back=/LoginPage.htm&webticket=?oqEkUR+0a+1KE/mWN2kd1E9cE85JZFXZmCjyYaDS

Original link when opened from access point: 
http://qlikviewserver/qvajaxzfc/AccessPoint.aspx?open=&id=QVS%40qlikviewserver%7CMovies%20Database.q...
 

Open a single object:
                       http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qvajaxzfc/singleobject.htm?document=document_path_and_name%26object%3DDocument\objectid&back=/LoginPage.htm&webticket=ticket

                       Example> In order to display object CH256 for document "prescription tracker.qvw", the following will be used:
                       http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qvajaxzfc/singleobject.htm?document...CH256&back=/LoginPage.htm&webticket=oqEkUR+0a+1KE/mWN2kd1E9cE85JZFXZmCjyYaDS

                       Note: %26 stands for url-encoded "&" and %3D stands for url-encoded "=" sign.
                    
Open Access Point:
                        http://qlikviewserver/qvajaxzfc/authenticate.aspx?type=html&try=/qlikview&back=/LoginPage.htm&webticket=ticket


Common problems and troubleshooting:

Problem: Nothing returned
Resolution: If the server is https-enabled, then access the server via a web browser and dismiss the certificate warning. You should now be able to make API calls.

Problem: "Root element is missing"
Resolution: The request body is empty or incorrect, check the request body syntax.


Problem: "Invalid Call" or "Unauthorized"
Resolution: This is due to a permission issue.

IIS: Make sure that you have set up "Anonymous Authentication" only on QvAjaxZfc and "Windows authentication" only on GetWebTicket.aspx in IIS Manager if you use Windows Authentication (Be aware that if you use "alternate login page", this might not work properly with Postman).
If you want to use Trusted IP instead, you need to set up "Anonymous Authentication" only for both files and set the IP in the config.xml located in C:/Programdata/Qliktech/WebServer.

IIS Authentication QvAjaxZfc.png


For GetWebTicket.aspx permissions, in QvAjaxZfc choose "Content view", right-click on "GetWebTicket.aspx" and choose "Switch to feature view", then choose "authentication"

IIS Authentication GetWebTicket.png

In order to check from which IP the request is coming, you can check IIS logs in C:\inetpub\logs\LogFiles\W3SVC1
You will see a line like this after you tried to connect:


2017-03-28 09:31:23 172.16.16.100 POST /QvAjaxZfc/GetWebTicket.aspx - 80 - 10.88.5.106 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/57.0.2987.110+Safari/537.36 200 0 0 55


QVWS: If you set up a <TrustedIP> tag in the config.xml, QVWS will consider that you want to use Trusted IP as authentication mode for GetWebTicket.aspx. Windows authentication can only be used if no <TrustedIP> tag is set up in the config.xml. You will get "Invalid call" or "Unauthorized" from any machine that does not have its IP in the list. 

Locate the file at C:\ProgramData\QlikTech\WebServer\config.xml, and then locate this line:

<GetTicket url="/QvAjaxZfc/GetTicket.aspx" />

And then add the following below it (noting to use your server's address if you are running this from within the server. You can get this address via the ipconfig command)

<GetWebTicket url="/QvAjaxZfc/GetWebTicket.aspx">
    <TrustedIP>172.16.16.100</TrustedIP>
</GetWebTicket>


You do not need to restart the server after adding this line to the config.xml file; the changes should be reflected immediately.
 

Note: Qlik does NOT support the configuration or implementation of non-Qlik or Operating System related software. 

Note: Qlik does NOT support IIS or its features / installation. This documentation is only for testing and can be used as a base for configuration. Any concerns or issues with IIS or its configuration / use will need to be brought to the attention of Microsoft Support or the environments proper IT Support team.

Note: Debugging or writing custom code is supported by the Qlik Professional Services or Presales teams. These examples are provided for demonstration purposes to explain specific scenarios. No Support or maintenance is implied or provided. Further customization is expected to be necessary and it is the responsibility of the end administrator to test and implement an appropriate rule for their specific use case.



 

QlikView
Thumbnail of QlikView
QlikView
Labels (1)
Labels:
3,663 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2022-02-17 08:45 AM
Updated by:
Digital Support