topic SAML Authentication and NameID in Management & Governance https://community.qlik.com/t5/Management-Governance/SAML-Authentication-and-NameID/m-p/1725718#M16301 <P>Hi,</P><P>I have configured Qlik Sense for SAML authentication.</P><P>Something is uncleared to me regarding the usage of the SAML tag NameID.</P><P>Is it used by QlikSense to identify the user or does Qlik Sense only rely on the Attribute values?</P><P>For example, the IdP is answering this:</P><DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>Subject</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><STRONG>NameID</STRONG><SPAN>&nbsp;</SPAN><SPAN>Format</SPAN><SPAN>=</SPAN><SPAN>"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"</SPAN><SPAN>&gt;</SPAN><STRONG><FONT color="#000000">MyUser</FONT></STRONG><SPAN>&lt;/</SPAN><SPAN>NameID</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>SubjectConfirmation</SPAN><SPAN>&nbsp;</SPAN><SPAN>Method</SPAN><SPAN>=</SPAN><SPAN>"urn:oasis:names:tc:SAML:2.0:cm:bearer"</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>SubjectConfirmationData</SPAN><SPAN>&nbsp;</SPAN><SPAN>InResponseTo</SPAN><SPAN>=</SPAN><SPAN>"_cd32f856-e826-4e42-a094-e208157413ed"</SPAN><SPAN>&nbsp;</SPAN><SPAN>NotOnOrAfter</SPAN><SPAN>=</SPAN><SPAN>"2020-07-07T13:08:17.536Z"</SPAN><SPAN>&nbsp;</SPAN><SPAN>Recipient</SPAN><SPAN>=</SPAN><SPAN>"https://XXX:443/sso/samlauthn/"</SPAN><SPAN>&nbsp;</SPAN><SPAN>/&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;/</SPAN><SPAN>SubjectConfirmation</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;/</SPAN><SPAN>Subject</SPAN><SPAN>&gt;</SPAN></DIV><DIV>&nbsp;</DIV><DIV>without any Attribute tag.</DIV><DIV>&nbsp;</DIV><DIV>Do I have to ask the Identity Provider to add some Attributes in the SAML response or is it possible to make it work with only this information ?</DIV><DIV>If yes, what is the correct configuration for the virtual proxy ?</DIV><DIV>&nbsp;</DIV><DIV>Regards,</DIV><DIV>&nbsp;</DIV><DIV>Jerome</DIV></DIV><P>&nbsp;</P> Tue, 07 Jul 2020 13:39:16 GMT jeromehautecoeur 2020-07-07T13:39:16Z SAML Authentication and NameID https://community.qlik.com/t5/Management-Governance/SAML-Authentication-and-NameID/m-p/1725718#M16301 <P>Hi,</P><P>I have configured Qlik Sense for SAML authentication.</P><P>Something is uncleared to me regarding the usage of the SAML tag NameID.</P><P>Is it used by QlikSense to identify the user or does Qlik Sense only rely on the Attribute values?</P><P>For example, the IdP is answering this:</P><DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>Subject</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><STRONG>NameID</STRONG><SPAN>&nbsp;</SPAN><SPAN>Format</SPAN><SPAN>=</SPAN><SPAN>"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"</SPAN><SPAN>&gt;</SPAN><STRONG><FONT color="#000000">MyUser</FONT></STRONG><SPAN>&lt;/</SPAN><SPAN>NameID</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>SubjectConfirmation</SPAN><SPAN>&nbsp;</SPAN><SPAN>Method</SPAN><SPAN>=</SPAN><SPAN>"urn:oasis:names:tc:SAML:2.0:cm:bearer"</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;</SPAN><SPAN>SubjectConfirmationData</SPAN><SPAN>&nbsp;</SPAN><SPAN>InResponseTo</SPAN><SPAN>=</SPAN><SPAN>"_cd32f856-e826-4e42-a094-e208157413ed"</SPAN><SPAN>&nbsp;</SPAN><SPAN>NotOnOrAfter</SPAN><SPAN>=</SPAN><SPAN>"2020-07-07T13:08:17.536Z"</SPAN><SPAN>&nbsp;</SPAN><SPAN>Recipient</SPAN><SPAN>=</SPAN><SPAN>"https://XXX:443/sso/samlauthn/"</SPAN><SPAN>&nbsp;</SPAN><SPAN>/&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;/</SPAN><SPAN>SubjectConfirmation</SPAN><SPAN>&gt;</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>&lt;/</SPAN><SPAN>Subject</SPAN><SPAN>&gt;</SPAN></DIV><DIV>&nbsp;</DIV><DIV>without any Attribute tag.</DIV><DIV>&nbsp;</DIV><DIV>Do I have to ask the Identity Provider to add some Attributes in the SAML response or is it possible to make it work with only this information ?</DIV><DIV>If yes, what is the correct configuration for the virtual proxy ?</DIV><DIV>&nbsp;</DIV><DIV>Regards,</DIV><DIV>&nbsp;</DIV><DIV>Jerome</DIV></DIV><P>&nbsp;</P> Tue, 07 Jul 2020 13:39:16 GMT https://community.qlik.com/t5/Management-Governance/SAML-Authentication-and-NameID/m-p/1725718#M16301 jeromehautecoeur 2020-07-07T13:39:16Z