Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
lupusyonderboy
Contributor
Contributor

PingFederate OIDC connection for Qlik Cloud

I wanted to see if there is any type of documentation or if anyone here has successfully configured an OIDC connection in PingFederate that provides SSO to Qlik Cloud. 

 

I have been trying to get my configuration to work but am currently stuck at a claims error everytime I try to validate the connection in Qlik.  I know I am sending all the correct claims (open_id email sub profile) and am stuck at this point.

 

Any help from anyone would be greatly appreciated!!!

Labels (2)
3 Replies
Seanog_Murphy
Creator III
Creator III

Hi @lupusyonderboy 

Can you let me know what error you are getting?

You can check the claims being sent using the following API. Append the following to your Tenant URL as an authenticated user.
/api/v1/diagnose-claims

 

lupusyonderboy
Contributor
Contributor
Author

This is the error I receive after I try to validate my connection.  I get redirected back to my pingfed, login successfully and then when it tries to access Qlik I get this;

 

An error occurred while validating your identity provider configuration. Please review your configuration settings.

{
  "status": "claimsError",
  "oauth2Error": {
    "error": "invalid_client",
    "errorDescription": "Invalid client or client credentials."
  },
  "error": "Invalid client or client credentials."
}
alex_almero
Contributor
Contributor

verify the following in the OAuth Server settings:

1. an IdP adapter mapping to persistent grant.

2. access token management.

3. defined an access token mapping using the token manager defined above. 

4. a policy manager.

5. ensure that you're using the client_id not the name in Qlik.  Use the token manager and policy defined.

 

It would help if you can share the settings you have defined in PF.   You should be able to test your configuration using Postman.