https://community.qlik.com/t5/Management-Governance/Referencing-string-array-claims-from-OIDC-ID-token/m-p/2506643#M28806 <P>Hi,</P> <P>&nbsp;</P> <P>The discussed system is configured to authenticate users via OIDC on on-premise Qlik Sense (Windows) deployment. For various reasons we need to use a verified_primary_email claim, which comes from Azure AD via ID token in a form of string array, even though it's a single value, e.g.</P> <PRE>{<BR /> ...,<BR /> "verified_primary_email": [<BR /> "user.name@domain.com"<BR /> ],<BR /> ...<BR />}</PRE> <P>I managed to verify the claims in token manually, so error on that side is pretty improbable.</P> <P>Any idea how to reference this in <A href="https://help.qlik.com/en-US/sense-admin/May2024/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/edit-virtual-proxy.htm" target="_self">Virtual Proxy claim mapping configuration</A>? I couldn't find this anywhere in the documentation, nor in the <A href="https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-for-Windows-How-to-configure-OIDC-with-Azure-AD/ta-p/1812401" target="_self">related Qlik Support Article</A>.&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/29425">@Damien_V</a>&nbsp;&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/28597">@Sonja_Bauernfeind</a>&nbsp;can you possibly help here?</P> <P>EDIT: I've tried following options, without success (always ended up with the same generic error message related to OIDC):</P> <UL> <LI>verified_primary_email</LI> <LI>verified_primary_email[0]</LI> <LI>verified_primary_email[1]</LI> <LI>verified_primary_email(0)</LI> <LI>verified_primary_email(1)</LI> <LI>verified_primary_email.0</LI> <LI>verified_primary_email.1</LI> </UL> <P>&nbsp;</P> <P>Many thanks!</P> <P>Martin</P> Fri, 21 Feb 2025 09:16:14 GMT mk_kmx 2025-02-21T09:16:14Z https://community.qlik.com/t5/Management-Governance/Referencing-string-array-claims-from-OIDC-ID-token/m-p/2506643#M28806 <P>Hi,</P> <P>&nbsp;</P> <P>The discussed system is configured to authenticate users via OIDC on on-premise Qlik Sense (Windows) deployment. For various reasons we need to use a verified_primary_email claim, which comes from Azure AD via ID token in a form of string array, even though it's a single value, e.g.</P> <PRE>{<BR /> ...,<BR /> "verified_primary_email": [<BR /> "user.name@domain.com"<BR /> ],<BR /> ...<BR />}</PRE> <P>I managed to verify the claims in token manually, so error on that side is pretty improbable.</P> <P>Any idea how to reference this in <A href="https://help.qlik.com/en-US/sense-admin/May2024/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/edit-virtual-proxy.htm" target="_self">Virtual Proxy claim mapping configuration</A>? I couldn't find this anywhere in the documentation, nor in the <A href="https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-for-Windows-How-to-configure-OIDC-with-Azure-AD/ta-p/1812401" target="_self">related Qlik Support Article</A>.&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/29425">@Damien_V</a>&nbsp;&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/28597">@Sonja_Bauernfeind</a>&nbsp;can you possibly help here?</P> <P>EDIT: I've tried following options, without success (always ended up with the same generic error message related to OIDC):</P> <UL> <LI>verified_primary_email</LI> <LI>verified_primary_email[0]</LI> <LI>verified_primary_email[1]</LI> <LI>verified_primary_email(0)</LI> <LI>verified_primary_email(1)</LI> <LI>verified_primary_email.0</LI> <LI>verified_primary_email.1</LI> </UL> <P>&nbsp;</P> <P>Many thanks!</P> <P>Martin</P> Fri, 21 Feb 2025 09:16:14 GMT https://community.qlik.com/t5/Management-Governance/Referencing-string-array-claims-from-OIDC-ID-token/m-p/2506643#M28806 mk_kmx 2025-02-21T09:16:14Z