topic Re: 400 "The http request header is incorrect" SAML in Management & Governance

400 "The http request header is incorrect" SAML

jonilj — Sat, 16 Nov 2024 00:08:08 GMT

Hi all,

Having followed the guide to set up SSO integration between Okta and Qliksense, we're almost there I believe however we get the error 400, "The http request header is incorrect". I took a look at the Audit Proxy-log and I can see the error "Http request Host is not allowed: qliksense.ourcompany.com".

Looking into the virtual proxy, under advanced, we have "qliksense.ourcompany.com" whitelisted as well as "https://qliksense.ourcompany.com/okta" whitelisted. What else do we need to add to this whitelist? I'm fairly positive this is where the issue lies judging by the log and what I've found when looking up the error.

Thanks in advance for any and all help.

Re: 400 "The http request header is incorrect" SAML

Sooraj_Suresh — Fri, 21 May 2021 08:34:23 GMT

Hello @jonilj

Please make sure to whitelist the ip address also.

Is QlikSense running on Http or Https?

What version of QlikSense is running?

Is there any loadbalancer or any firewall that you could probably check to see if the request is getting blocked there?

Regards

Sooraj Suresh

Re: 400 "The http request header is incorrect" SAML

jonilj — Fri, 21 May 2021 08:44:18 GMT

Hi @Sooraj_Suresh, we added "https://qliksense.ourcompany.com" and "qliksense.ourcompany.com/okta" to the whitelist and that seems to have solved this issue. Now we're getting this instead, so I'm continuing to investigate:

"Contact your system administrator. The user cannot be authenticated or logged out by the SAML response through the following virtual proxy: okta"

Re: 400 "The http request header is incorrect" SAML

Sooraj_Suresh — Fri, 21 May 2021 09:09:18 GMT

@jonilj

Thats great news!

Well coming to the other issue we believe there is some misconfiguration at the okta side which is causing this issue. We suspect the issue could be because you might have not included "samlauth/" suffix in the Single Sign On URL in the Okta configuration page.

However you can refer to the below Youtube video link that explains complete step by step details to setup Okta with QlikSense so you cna compare and see if you have missed some configuration.

https://www.youtube.com/watch?v=WR-k_D5EZhM&t=74s

Please mark this a solution if the above suggestions has helped in resolving the issue......

Regards

Sooraj Suresh

Re: 400 "The http request header is incorrect" SAML

jonilj — Fri, 21 May 2021 10:07:43 GMT

Hi @Sooraj_Suresh,

Thanks that's actually the guide we followed! But in Okta we have this configuration (for Single Sign On URL, Recipient URL and Destination URL):

https://qliksense.companyname.com:443/okta/samlauthn/

I'm wondering though if the issue is that we should use something other than "email" in SAML attribute for userID? Normally we use our AD accounts (sAMAccountName) to login so maybe that is the issue? How would we map that attribute instead in Qliksense?

Also, I can't see these failed attempts in the Audit Proxy-log, should I be looking elsewhere?

Re: 400 "The http request header is incorrect" SAML

jonilj — Mon, 24 May 2021 13:45:45 GMT

Anyone?