Initial release

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Rikard Braathen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.txt

@@ -0,0 +1,81 @@
+WHAT IS QLIK-AUTH?
+
+  qlik-auth is an attempt of simplyfing custom authentication with the Qlik
+  Sense and QlikView products. This module for Node.js takes care of the ticket
+  request and redirection. It allows a developer to focus on obtaining the user
+  profile, provide it in a function call, and the rest will be automated.
+
+REQUIREMENTS
+
+ - Node.js (including npm) <https://nodejs.org>
+
+INSTALLATION
+
+    npm install qlik-auth
+
+SETUP FOR QLIK SENSE
+
+  Typically a custom authentication module in Qlik Sense would be called
+  through a virtual proxy. Refer to Qlik Sense documentation how to set this
+  up and configure it properly to access your custom built module.
+
+ - In the minimal example below a simple webserver is created with Node.js
+   which listens on port 1337. This is the server and port you need to map in
+   the virutal proxy configuration.
+
+ - Export the client/server certificates from QMC and copy them to the same
+   directory as your script. If it's necessary to provide a password, see the
+   Advanced section below.
+
+SETUP FOR QLIKVIEW
+
+  QlikView would need to be configured for using webtickets, this includes
+  changing Windows Authentication to Anonymous Authentication and configuring
+  IP white lists as trust.
+
+  QlikView support is coming soon!
+
+EXAMPLE
+
+  This is just a minimal example to demonstrate how simple it is to use the
+  module. The code below should only be seen as a demonstration and a way to
+  get started. Normally you would want to run the server as HTTPS.
+
+    var http = require('http');
+    var qlikauth = require('qlik-auth');
+    http.createServer(function (req, res) {
+
+      //Define user directory, user identity and attributes
+      var profile = {
+        'UserDirectory': 'QTSEL', 
+        'UserId': 'rfn',
+        'Attributes': []
+      }
+
+      //Make call for ticket request
+      qlikauth.requestTicket(req, res, profile);
+
+    }).listen(1337, '0.0.0.0');
+    console.log('Server running at http://localhost:1337/');
+
+ADVANCED USAGE
+
+  The module exposes a function called requestTicket which has the following
+  parameters:
+
+    function(req, res, profile, certificate, proxyRestUri, targetId)
+
+ - In case the certificate is password protected it's possible to provide both
+   the location and filename of the certificate together with a passphrase. It
+   could look like this:
+
+     var certificate = {
+       'filename': './certificates/client.pfx',
+       'passphrase': 'MyVerySecretPassphrase'
+     }
+
+ - When Qlik Sense is redirecting to a custom authentication module it passes
+   proxyRestUri and targetId as parameters. These are normally handled by the
+   function automatically, but for scenarios where it might be necessary to
+   redirect to another Identity Provider for example, these parameters must be
+   stored away and supplied manually.

index.js

@@ -0,0 +1,86 @@
+var url = require('url');
+var fs = require('fs');
+var https = require('https');
+var crypto = require('crypto');
+
+module.exports = {
+
+    requestTicket: function(req, res, profile, certificate, proxyRestUri, targetId) {
+
+        if (undefined == proxyRestUri) {
+            var queryData = url.parse(req.url, true).query;
+            proxyRestUri = queryData.proxyRestUri;
+        }
+        if (undefined == targetId) {
+            var queryData = url.parse(req.url, true).query;
+            targetId = queryData.targetId;
+        }
+
+        if (undefined == certificate)
+        {
+            certificate = {
+                'filename': './client.pfx',
+                'passphrase': ''
+            }
+        }
+
+        //Configure parameters for the ticket request
+        var xrfkey = this.generateXrfkey();
+        var options = {
+            host: url.parse(proxyRestUri).hostname,
+            port: url.parse(proxyRestUri).port,
+            path: url.parse(proxyRestUri).path + '/ticket?xrfkey=' + xrfkey,
+            method: 'POST',
+            headers: { 'X-Qlik-Xrfkey': xrfkey, 'Content-Type': 'application/json' },
+            pfx: fs.readFileSync(certificate.filename),
+            passphrase: certificate.passphrase,
+            rejectUnauthorized: false,
+            agent: false
+        };
+
+        //Send ticket request
+        var ticketreq = https.request(options, function (ticketres) {
+            ticketres.on('data', function (d) {
+                //Parse ticket response
+                var ticket = JSON.parse(d.toString());
+
+                //Build redirect including ticket
+                if (ticket.TargetUri.indexOf("?") > 0) {
+                        redirectURI = ticket.TargetUri + '&QlikTicket=' + ticket.Ticket;
+                    } else {
+                        redirectURI = ticket.TargetUri + '?QlikTicket=' + ticket.Ticket;
+                    }
+
+                res.writeHead(302, {"Location": redirectURI});
+                res.end();
+            });
+        });
+
+        //Send JSON request for ticket
+        var jsonrequest = JSON.stringify({ 'UserDirectory': profile.UserDirectory,
+                                           'UserId': profile.UserId,
+                                           'Attributes': profile.Attributes,
+                                           'TargetId': targetId.toString()
+                                       });
+        ticketreq.write(jsonrequest);
+        ticketreq.end();
+
+        ticketreq.on('error', function (e) {
+            console.error('Error' + e);
+        });
+    },
+
+    generateXrfkey: function(size, chars) {
+        size = size || 16;
+        chars = chars || "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
+
+        var rnd = crypto.randomBytes(size), value = new Array(size), len = chars.length;
+
+        for (var i = 0; i < size; i++) {
+            value[i] = chars[rnd[i] % len]
+        };
+
+        return value.join('');
+    }
+
+};

package.json

@@ -0,0 +1,27 @@
+{
+  "name": "qlik-auth",
+  "version": "1.0.0",
+  "description": "A package for simplyfing custom authentication with the Qlik Sense and QlikView products",
+  "author": "Rikard Braathen <[email protected]>",
+  "license": "MIT",
+  "dependencies": {
+  },
+  "engine": "node >= 0.4.0",
+  "keywords": [
+    "qlik",
+    "qlikview",
+    "sense",
+    "ticket",
+    "webticket",
+    "custom",
+    "authentiction"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/braathen/qlik-auth.git"
+  },
+  "homepage": "https://github.com/braathen/qlik-auth",
+  "bugs": {
+    "url": "https://github.com/braathen/qlik-auth/issues"
+  }
+}