https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Sense-IAM-WSO2-OIDC-mapping-attribute-issue/m-p/2520853#M22276 <P>Hello,</P><P>for a customer, we are trying to use Qlik Sense client managed as service provider and IAM WSO2 as authenticator (Identity Server). We are having problem in correctly mapping user attribute provided from IAM in Qlik user attribute,</P><P>Qlik virtual proxy redirects successfully to wso2 that proceeds to authenticate the user and call back to Sense.</P><P>While sub is correctly mapped to userID, such as emailaddress, we are having issue with Qlik attribute "name" that is accepting only wso2 "fullname" claim (this fullname claim inside the identity provider is mapped as "cn").</P><P>If I try to use claim "givenname" or "lastname" for example, we receive error 400 in the browser session and Qlik proxy log reports error</P><P>Missing claimType:OidcAttributeName↵↓ at Proxy.SessionEstablishment.Authentication.OIDC.OidcAttributeParser.ParseClaim(JwtPayload jwtPayload, String claimsAttrib, String claimTypeName, Boolean isMandatory)</P><P>I am attaching qlik virtual proxy configuration and wso2 claims configured into service provider</P><P>QLIK VIRTUAL PROXY</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="npapapicco_0-1749638654438.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/181241iEAFA059E33342D5A/image-size/medium?v=v2&amp;px=400" role="button" title="npapapicco_0-1749638654438.png" alt="npapapicco_0-1749638654438.png" /></span></P><P>WSO2 SERVICE PROVIDER CLAIM CONFIGURATION</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="npapapicco_1-1749638740084.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/181243i0C46820EE80745DD/image-size/medium?v=v2&amp;px=400" role="button" title="npapapicco_1-1749638740084.png" alt="npapapicco_1-1749638740084.png" /></span></P><P>Only this config produces successful authentication and correct redirection to Qlik Sense hub.</P><P>Why Qlik is accepting fullname claim only? Whatever you provide instead of fullname produce error 400&nbsp;</P><P>&nbsp;</P><P>Any advice on that?</P><P>Thank you</P><P>Nick</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 11 Jun 2025 10:53:19 GMT npapapicco 2025-06-11T10:53:19Z https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Sense-IAM-WSO2-OIDC-mapping-attribute-issue/m-p/2520853#M22276 <P>Hello,</P><P>for a customer, we are trying to use Qlik Sense client managed as service provider and IAM WSO2 as authenticator (Identity Server). We are having problem in correctly mapping user attribute provided from IAM in Qlik user attribute,</P><P>Qlik virtual proxy redirects successfully to wso2 that proceeds to authenticate the user and call back to Sense.</P><P>While sub is correctly mapped to userID, such as emailaddress, we are having issue with Qlik attribute "name" that is accepting only wso2 "fullname" claim (this fullname claim inside the identity provider is mapped as "cn").</P><P>If I try to use claim "givenname" or "lastname" for example, we receive error 400 in the browser session and Qlik proxy log reports error</P><P>Missing claimType:OidcAttributeName↵↓ at Proxy.SessionEstablishment.Authentication.OIDC.OidcAttributeParser.ParseClaim(JwtPayload jwtPayload, String claimsAttrib, String claimTypeName, Boolean isMandatory)</P><P>I am attaching qlik virtual proxy configuration and wso2 claims configured into service provider</P><P>QLIK VIRTUAL PROXY</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="npapapicco_0-1749638654438.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/181241iEAFA059E33342D5A/image-size/medium?v=v2&amp;px=400" role="button" title="npapapicco_0-1749638654438.png" alt="npapapicco_0-1749638654438.png" /></span></P><P>WSO2 SERVICE PROVIDER CLAIM CONFIGURATION</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="npapapicco_1-1749638740084.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/181243i0C46820EE80745DD/image-size/medium?v=v2&amp;px=400" role="button" title="npapapicco_1-1749638740084.png" alt="npapapicco_1-1749638740084.png" /></span></P><P>Only this config produces successful authentication and correct redirection to Qlik Sense hub.</P><P>Why Qlik is accepting fullname claim only? Whatever you provide instead of fullname produce error 400&nbsp;</P><P>&nbsp;</P><P>Any advice on that?</P><P>Thank you</P><P>Nick</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 11 Jun 2025 10:53:19 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Qlik-Sense-IAM-WSO2-OIDC-mapping-attribute-issue/m-p/2520853#M22276 npapapicco 2025-06-11T10:53:19Z