Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jonilj
Contributor II
Contributor II
‎2021-05-20 02:18 PM

400 "The http request header is incorrect" SAML

Hi all,

Having followed the guide to set up SSO integration between Okta and Qliksense, we're almost there I believe however we get the error 400, "The http request header is incorrect". I took a look at the Audit Proxy-log and I can see the error "Http request Host is not allowed: qliksense.ourcompany.com".

Looking into the virtual proxy, under advanced, we have "qliksense.ourcompany.com" whitelisted as well as "https://qliksense.ourcompany.com/okta" whitelisted. What else do we need to add to this whitelist? I'm fairly positive this is where the issue lies judging by the log and what I've found when looking up the error.

Thanks in advance for any and all help.

Labels (1)
Labels

  • Other

2,623 Views
0 Likes
5 Replies
Sooraj_Suresh
Former Employee
Former Employee
‎2021-05-21 04:34 AM

Hello @jonilj 

Please make sure to whitelist the ip address also. 

Is QlikSense running on Http or Https?

What version of QlikSense is running?

Is there any loadbalancer or any firewall that you could probably check to see if the request is getting blocked there?

 

Regards

Sooraj Suresh

2,585 Views
0 Likes
jonilj
Contributor II
Contributor II
‎2021-05-21 04:44 AM
Author

Hi @Sooraj_Suresh, we added "https://qliksense.ourcompany.com" and "qliksense.ourcompany.com/okta" to the whitelist and that seems to have solved this issue. Now we're getting this instead, so I'm continuing to investigate:

"Contact your system administrator. The user cannot be authenticated or logged out by the SAML response through the following virtual proxy: okta"

2,573 Views
0 Likes
Sooraj_Suresh
Former Employee
Former Employee
‎2021-05-21 05:08 AM

In response to jonilj

@jonilj 

Thats great news!

 

Well coming to the other issue we believe there is some misconfiguration at the okta side which is causing this issue. We suspect the issue could be because you might have not included "samlauth/" suffix in the Single Sign On URL in the Okta configuration page.

However you can refer to the below Youtube video link that explains complete step by step details to setup Okta with QlikSense so you cna compare and see if you have missed some configuration.

https://www.youtube.com/watch?v=WR-k_D5EZhM&t=74s

 

Please mark this a solution if the above suggestions has helped in resolving the issue......

 

Regards

Sooraj Suresh

2,559 Views
0 Likes
jonilj
Contributor II
Contributor II
‎2021-05-21 06:07 AM
Author

Hi @Sooraj_Suresh,

Thanks that's actually the guide we followed! But in Okta we have this configuration (for Single Sign On URL, Recipient URL and Destination URL):

https://qliksense.companyname.com:443/okta/samlauthn/

I'm wondering though if the issue is that we should use something other than "email" in SAML attribute for userID? Normally we use our AD accounts (sAMAccountName) to login so maybe that is the issue? How would we map that attribute instead in Qliksense?

Also, I can't see these failed attempts in the Audit Proxy-log, should I be looking elsewhere?

2,545 Views
0 Likes
jonilj
Contributor II
Contributor II
‎2021-05-24 09:45 AM
Author

Anyone?

2,494 Views