The return URL used by Qlik Sense after Windows Authentication adds port 80. This can cause a challenge when setting up SSL Offloading with a 3rd party Load Balancer.
Environment:
Qlik Sense Enterprise on Windows
For example, the load balancer is set up as below.
The load balancer will have 443 to listen the inbound https request from the client browser. After getting it, load balancer will redirect to Qlik Sense through http at port 4248 to implement windows authentication. Once user put the login credential, Qlik Sense will redirect the request to port 80 for complete the http request and return that url to Load Balancer further to the Client browser. Since Qlik Sense June 2017 and on wards version, port 80 will be added into the return url after the windows authentication, this requires the load balancer to be configured to convert this 80 before sending it back to the client browser.
Here is the example of the flow after the user logs in load balancer to access Qlik Sense:
Browser Request: https://<LBdomainurl>/qmc/
CONNECT <LBdomainurl> :443 HTTP/1.1
Qlik Response:
HTTP/1.1 302 Authenticate at this location
Location: https:// <LBdomainurl> :4248/windows_authentication/?targetId=60055f6e-9f7b-40d3-a8c3-e40e3db7ac03
Web Browser:
CONNECT <LBdomainurl> :4248 HTTP/1.1
GET https:// <LBdomainurl> :4248/windows_authentication/?targetId=60055f6e-9f7b-40d3-a8c3-e40e3db7ac03
Qlik Response
HTTP/1.1 302 Found
Location: https:// <LBdomainurl> :80/qmc/?qlikTicket=yIWhOHuruj0C7idG
Web Browser:
CONNECT <LBdomainurl> :80 HTTP/1.1
The load balancer could be configured to convert the url https:// <LBdomainurl> :80/qmc/?qlikTicket=yIWhOHuruj0C7idG to https:// <LBdomainurl> /qmc/?qlikTicket=yIWhOHuruj0C7idG .