SSL Offloading on Load Balancer for Qlik Sense was working fine. After Qlik Sense is upgraded from 3.x to June 2017 release, the user could not access Qlik Sense anymore.
When setting up SSL Offloading on Load Balancer for Qlik Sense, starting from Qlik Sense June 2017, a small change is introduced which is the return url from Qlik Sense after Windows Authentication will adds port 80.
For example, the load balancer is set up as below.
The load balancer will have 443 to listen the inbound https request from the client browser. After getting it, load balancer will redirect to Qlik Sense through http at port 4248 to implement windows authentication. Once user put the login credential, Qlik Sense will redirect the request to port 80 for complete the http request and return that url to Load Balancer further to the Client browser. Since Qlik Sense June 2017 and on wards version, port 80 will be added into the return url after the windows authentication, this requires the load balancer to be configured to convert this 80 before sending it back to the client browser.
Here is the example of the flow after the user logs in load balancer to access Qlik Sense:
Browser Request: https://<LBdomainurl>/qmc/
HTTP/1.1 302 Authenticate at this location
HTTP/1.1 302 Found
The load balancer could be configured to convert the url https://<LBdomainurl>:80/qmc/?qlikTicket=yIWhOHuruj0C7idG