https://community.qlik.com/t5/Management-Governance/Qlik-Sense-and-SAML-setup-for-Google-auth-500-error/m-p/91323#M1517 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Hope someone can help me here as I am trying to get Sense hooked up with SAML with Google for SSO authentication.</P><P>I have followed the instructions from Eric Clutario<SPAN style="color: #8b8b8b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12px;"> </SPAN><A href="https://community.qlik.com/docs/DOC-17021">Google-QlikSAMLSSO.pdf</A> as well as watched the youtube videos on SAML setup.</P><P></P><P>The problem is that I have managed to get authentication from Google apps, once authenticated in Google choosing the QlikSense app authenticates perfectly, authenticating and creating the user in Sense great i.e. <SPAN style="background-color: #f6d5d9;">see </SPAN>below:</P><P><IMG alt="Capture.PNG" class="jive-image image-1" height="187" src="https://community.qlik.com/legacyfs/online/212614_Capture.PNG" style="height: 187.547px; width: 77px;" width="77" /></P><P><SPAN>However, if I go straight to the SSO virtual proxy in Sense i.e. </SPAN><A class="jive-link-external-small" href="https://" rel="nofollow" target="_blank">https://</A><EM><SPAN style="font-size: 8pt;">&lt;</SPAN><SPAN style="font-size: 8pt;">server&gt;</SPAN></EM>/sso/hub I get a 500 error, almost like it cannot get to the Google SSO URL or is being bounced, see the error, I would have expected to see the google auth prompt:</P><P><IMG alt="Capture2.PNG" class="jive-image image-2" height="285" src="https://community.qlik.com/legacyfs/online/212618_Capture2.PNG" style="height: 285px; width: 597.845px;" width="598" /></P><P></P><P>I have checked the logs on the server and cannot find any reference to the error, a warning or info on it, so I am thinking it is outside of the engine or proxy, or the IdP metadata is incorrect, but this is what I downloaded from the certificate in the Google Admin App location. </P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">See setting from the QMC below, I have tried SHA-256 and SHA-1, updating the IdP metadata and this seems all fine.</SPAN></P><P><IMG alt="Capture3.PNG" class="jive-image image-3" src="https://community.qlik.com/legacyfs/online/212619_Capture3.PNG" style="height: 349px; width: 620px;" /></P><P>And see the Google App setup from the admin screen as per Eric's instructions:</P><P><IMG alt="Capture4.PNG" class="image-4 jive-image" src="https://community.qlik.com/legacyfs/online/212620_Capture4.PNG" style="height: 506px; width: 620px;" /></P><P><IMG alt="Capture5.PNG" class="image-5 jive-image" src="https://community.qlik.com/legacyfs/online/212621_Capture5.PNG" style="height: 126px; width: 620px;" /></P><P></P><P>And the IdP metadata that I am using from Google which has been loaded into the proxy. </P><P><IMG alt="Capture6.PNG" class="jive-image image-6" height="191" src="https://community.qlik.com/legacyfs/online/212622_Capture6.PNG" style="height: 191.113px; width: 697px;" width="697" /></P><P>So I am now at a loss on why this is not working, any help would be a great help and I am now stuck.</P><P></P><P>Thanks </P><P>Lee</P></BODY></HTML> Tue, 04 Sep 2018 14:51:32 GMT lee_connor 2018-09-04T14:51:32Z https://community.qlik.com/t5/Management-Governance/Qlik-Sense-and-SAML-setup-for-Google-auth-500-error/m-p/91323#M1517 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Hope someone can help me here as I am trying to get Sense hooked up with SAML with Google for SSO authentication.</P><P>I have followed the instructions from Eric Clutario<SPAN style="color: #8b8b8b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12px;"> </SPAN><A href="https://community.qlik.com/docs/DOC-17021">Google-QlikSAMLSSO.pdf</A> as well as watched the youtube videos on SAML setup.</P><P></P><P>The problem is that I have managed to get authentication from Google apps, once authenticated in Google choosing the QlikSense app authenticates perfectly, authenticating and creating the user in Sense great i.e. <SPAN style="background-color: #f6d5d9;">see </SPAN>below:</P><P><IMG alt="Capture.PNG" class="jive-image image-1" height="187" src="https://community.qlik.com/legacyfs/online/212614_Capture.PNG" style="height: 187.547px; width: 77px;" width="77" /></P><P><SPAN>However, if I go straight to the SSO virtual proxy in Sense i.e. </SPAN><A class="jive-link-external-small" href="https://" rel="nofollow" target="_blank">https://</A><EM><SPAN style="font-size: 8pt;">&lt;</SPAN><SPAN style="font-size: 8pt;">server&gt;</SPAN></EM>/sso/hub I get a 500 error, almost like it cannot get to the Google SSO URL or is being bounced, see the error, I would have expected to see the google auth prompt:</P><P><IMG alt="Capture2.PNG" class="jive-image image-2" height="285" src="https://community.qlik.com/legacyfs/online/212618_Capture2.PNG" style="height: 285px; width: 597.845px;" width="598" /></P><P></P><P>I have checked the logs on the server and cannot find any reference to the error, a warning or info on it, so I am thinking it is outside of the engine or proxy, or the IdP metadata is incorrect, but this is what I downloaded from the certificate in the Google Admin App location. </P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">See setting from the QMC below, I have tried SHA-256 and SHA-1, updating the IdP metadata and this seems all fine.</SPAN></P><P><IMG alt="Capture3.PNG" class="jive-image image-3" src="https://community.qlik.com/legacyfs/online/212619_Capture3.PNG" style="height: 349px; width: 620px;" /></P><P>And see the Google App setup from the admin screen as per Eric's instructions:</P><P><IMG alt="Capture4.PNG" class="image-4 jive-image" src="https://community.qlik.com/legacyfs/online/212620_Capture4.PNG" style="height: 506px; width: 620px;" /></P><P><IMG alt="Capture5.PNG" class="image-5 jive-image" src="https://community.qlik.com/legacyfs/online/212621_Capture5.PNG" style="height: 126px; width: 620px;" /></P><P></P><P>And the IdP metadata that I am using from Google which has been loaded into the proxy. </P><P><IMG alt="Capture6.PNG" class="jive-image image-6" height="191" src="https://community.qlik.com/legacyfs/online/212622_Capture6.PNG" style="height: 191.113px; width: 697px;" width="697" /></P><P>So I am now at a loss on why this is not working, any help would be a great help and I am now stuck.</P><P></P><P>Thanks </P><P>Lee</P></BODY></HTML> Tue, 04 Sep 2018 14:51:32 GMT https://community.qlik.com/t5/Management-Governance/Qlik-Sense-and-SAML-setup-for-Google-auth-500-error/m-p/91323#M1517 lee_connor 2018-09-04T14:51:32Z https://community.qlik.com/t5/Management-Governance/Qlik-Sense-and-SAML-setup-for-Google-auth-500-error/m-p/91324#M1518 <HTML><HEAD></HEAD><BODY><P>Turns out this was due to our SSL certificate not being about to encrypt <SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">SHA-256, SHA-384 and SHA-512 XML signatures, as they require the </SPAN><STRONG style="font-size: 13px; background: #ffffff; color: #737373; font-family: Arial, Helvetica, sans-serif;">Microsoft Enhanced RSA and AES Cryptographic Provider</STRONG><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">. </SPAN></P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><BR /></SPAN></P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">More details about cryptographic service providers (CSPs) and their capabilities may be found at:</SPAN></P><P><A href="https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx" style="color: #007fc0; font-size: 13px; background: #ffffff; font-family: Arial, Helvetica, sans-serif;" target="_blank" title="https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx">https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx</A></P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><BR /></SPAN></P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;">I used OpenSSL to convert the current certificate (cert and pfx) on the server, follow the instructions on:</SPAN></P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"><A href="https://azuliadesigns.com/sha256-cryptographic-service-provider-types/" title="https://azuliadesigns.com/sha256-cryptographic-service-provider-types/">https://azuliadesigns.com/sha256-cryptographic-service-provider-types/</A></SPAN></P><P></P><P>Once the new cert was installed the issue was resolved. </P><P></P><P>Lee</P><P><SPAN style="color: #737373; font-family: Arial, Helvetica, sans-serif; font-size: 13px;"> </SPAN></P></BODY></HTML> Thu, 13 Sep 2018 15:15:35 GMT https://community.qlik.com/t5/Management-Governance/Qlik-Sense-and-SAML-setup-for-Google-auth-500-error/m-p/91324#M1518 lee_connor 2018-09-13T15:15:35Z