https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527987#M12237 Thank you!! Looking forward to hear the result <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Tue, 08 Jan 2019 18:01:14 GMT Bastien_Laugiero 2019-01-08T18:01:14Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527146#M12214 <P>Hi all,</P><P>&nbsp;</P><P>I get a 500 Internal Server Error from Qlik Sense, September 2018 version, when using SHA-256, instead of the default SHA-1 as signing algorithm.</P><P>&nbsp;</P><P>The error message in 'Proxy\TESTPUB02_Audit_Proxy.txt' is:</P><P><FONT face="courier new,courier" size="2">WARN testpub02 Audit.Proxy.Proxy.Core.RequestListener 152 973a2763-e18c-4e5a-8a23-210989e0e9d8 TESTPUB02\user Unanticipated ComponentSpace.SAML2.Exceptions.SAMLSignatureException occurred for connection</FONT></P><P>&nbsp;</P><P>My settings are:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SOTEST Virtual Proxy.png" style="width: 699px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/3176iB2E655D3A3D31C2C/image-size/large?v=v2&amp;px=999" role="button" title="SOTEST Virtual Proxy.png" alt="SOTEST Virtual Proxy.png" /></span></P><P>&nbsp;</P><P>When I go to <A href="https://my.public.url/sotest" target="_blank">https://my.public.url/sotest</A>, I get a redirect to&nbsp;<SPAN><A href="https://my.public.url/sotest/hub/" target="_blank">https://my.public.url/sotest/hub/</A>.</SPAN></P><P><SPAN>The hub returns a 500 Internal server error after just 5 ms.</SPAN></P><P><SPAN>If I choose SHA-1, I get redirected to the Google login.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>According to <A href="https://community.qlik.com/thread/217948" target="_self">this post</A>, the certificate used for the Qlik Proxy needs to support SHA-256 XML signatures.</SPAN></P><P><SPAN>Our certificate says it's signing algorithm is 'sha256RSA'.&nbsp;&nbsp;Is that not good enough?</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SOTEST Certificate.png" style="width: 386px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/3178i779D4D6DBAF5AC2C/image-size/large?v=v2&amp;px=999" role="button" title="SOTEST Certificate.png" alt="SOTEST Certificate.png" /></span></SPAN></P><P>&nbsp;</P><P><SPAN>Any tip is appreciated,</SPAN></P><P>&nbsp;</P><P><SPAN>Cheers,</SPAN></P><P><SPAN>Vegard</SPAN></P> Sat, 16 Nov 2024 06:55:18 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527146#M12214 vegard_bakke 2024-11-16T06:55:18Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527165#M12215 <P>Hello,</P> <P>Looking at the error from the Audit logs it seems that the certificate does not have the correct Cryptographic Provider set.</P> <P><SPAN>In order to use SHA-256 in Qlik Sense with SAML, the cryptographic provider for the certificate applied on the Qlik Sense proxy must be "</SPAN><SPAN>Microsoft Enhanced RSA and AES Cryptographic Provider".</SPAN></P> <P><SPAN>Here is&nbsp;<A href="https://qliksupport.force.com/articles/000041560" target="_self">an article</A> referring to the error message.</SPAN></P> <P><SPAN>And here is <A href="https://qliksupport.force.com/articles/000041680" target="_self">an article</A> providing the steps to check and change the&nbsp;cryptographic provider</SPAN></P> <P><SPAN>Hope this helps!&nbsp;</SPAN></P> Mon, 07 Jan 2019 15:37:49 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527165#M12215 Bastien_Laugiero 2019-01-07T15:37:49Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527804#M12235 <P>Thank you so much for you quick reply. I will check out this, and give you some feedback. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 08 Jan 2019 14:05:40 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527804#M12235 vegard_bakke 2019-01-08T14:05:40Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527987#M12237 Thank you!! Looking forward to hear the result <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Tue, 08 Jan 2019 18:01:14 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1527987#M12237 Bastien_Laugiero 2019-01-08T18:01:14Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529019#M12251 <P>I've tried a few different things now.&nbsp; All give the same results, unfortunately.</P><P>&nbsp;</P><P>I have one self-signed certificate for the testpub02.company.com, and one for *.company.com.</P><P>I have added the "<STRONG>Microsoft Enhanced RSA and AES Cryptographic Provider</STRONG>" using openssl as described in your second link.&nbsp; (cert</P><P>I have set up one Qlik virtual proxy with our local IdP-metadata, and one virtual proxy using IdP-metadata for Google Accounts. (The certutil.exe -dump now reports&nbsp;<STRONG>Provider = Microsoft Enhanced RSA and AES Cryptographic Provider</STRONG>.)</P><P>&nbsp;</P><P>Going to the "Google IdP prefix", I get immediately redirected to the Google login page.<BR />But using the #local IdP prefix" still gives 500&nbsp;Internal server error.&nbsp;</P><P>And the error message is still:</P><P><FONT face="courier new,courier">WARN testpub02 Audit.Proxy.Proxy.Core.RequestListener TESTPUB02\user Unanticipated ComponentSpace.SAML2.Exceptions.SAMLBindingException occurred for connection</FONT></P><P>&nbsp;</P><P>Is there anywhere I can get a more detailed error message?&nbsp; Or any logging I can turn on?</P><P>How can I find out what is actually going wrong? I looks like it might be something wrong with our metadata. But how to identify what it is, beats me... <span class="lia-unicode-emoji" title=":confused_face:">😕</span></P><P>&nbsp;</P><P>&nbsp;</P><P>Vegard</P> Thu, 10 Jan 2019 13:59:05 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529019#M12251 vegard_bakke 2019-01-10T13:59:05Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529090#M12253 <P>Hello,</P> <P>Thank you for applying the article. So the error has now changed.</P> <P>In the beginning, it was: Unanticipated ComponentSpace.SAML2.Exceptions.<STRONG>SAMLSignatureException</STRONG></P> <P>And now: Unanticipated ComponentSpace.SAML2.Exceptions.<STRONG>SAMLBindingException</STRONG></P> <P>This new error is related to the fact that your Idp metadata has been created with the binding method HTTP POST instead of HTTP REDIRECT.<BR />Every information is documented <A href="https://qliksupport.force.com/articles/000045712" target="_self">here</A>.</P> Thu, 10 Jan 2019 17:31:15 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529090#M12253 Bastien_Laugiero 2019-01-10T17:31:15Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529199#M12256 <P>Thank you! I didn't notice that the exception was indeed different. And thank you for the link.</P><P>I will look into this on Monday.</P><P>cheers <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 10 Jan 2019 21:12:13 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1529199#M12256 vegard_bakke 2019-01-10T21:12:13Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1530064#M12270 Thank you so much Bastien! Our test IdP was not enabled for HTTP-Redirect.<BR /><BR />Maybe not the easiest error messages to decode. But now at least the community forum contains the error messages and links to the Qlik Support Knowledge articles, for others at a later stage.<BR /><BR />A little more can be found here:<BR /><A href="https://qliksupport.force.com/QS_CoveoSearch#q=ComponentSpace.SAML2&amp;t=All&amp;sort=relevancy" target="_blank">https://qliksupport.force.com/QS_CoveoSearch#q=ComponentSpace.SAML2&amp;t=All&amp;sort=relevancy</A><BR /><BR /><BR />Again, thank you so much! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Mon, 14 Jan 2019 14:57:09 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1530064#M12270 vegard_bakke 2019-01-14T14:57:09Z https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1530085#M12271 Thank you! <BR />Glad it could be resolved <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Mon, 14 Jan 2019 15:16:18 GMT https://community.qlik.com/t5/Management-Governance/quot-500-Internal-server-error-quot-when-using-SHA-256-in-SAML/m-p/1530085#M12271 Bastien_Laugiero 2019-01-14T15:16:18Z