Hi,
Hope someone can help me here as I am trying to get Sense hooked up with SAML with Google for SSO authentication.
I have followed the instructions from Eric Clutario's Google-QlikSAMLSSO.pdf as well as watched the YouTube videos on SAML setup.
The problem is that I have managed to get authentication from Google apps, once authenticated in Google choosing the QlikSense app authenticates perfectly, authenticating and creating the user in Sense great i.e. see below:
However, if I go straight to the SSO virtual proxy in Sense, i.e. https://<server>/sso/hub, I get a 500 error, almost like it cannot get to the Google SSO URL or is being bounced. See the error; I would have expected to see the Google auth prompt:
I have checked the logs on the server and cannot find any reference to the error, a warning or info on it, so I am thinking it is outside of the engine or proxy, or the IdP metadata is incorrect, but this is what I downloaded from the certificate in the Google Admin App location.
See setting from the QMC below, I have tried SHA-256 and SHA-1, updating the IdP metadata and this seems all fine.
And see the Google App setup from the admin screen as per Eric's instructions:
And the IdP metadata that I am using from Google which has been loaded into the proxy.
So I am now at a loss on why this is not working, any help would be a great help and I am now stuck.
Thanks
Lee
Turns out this was due to our SSL certificate not being able to encrypt SHA-256, SHA-384 and SHA-512 XML signatures, as they require the Microsoft Enhanced RSA and AES Cryptographic Provider.
More details about cryptographic service providers (CSPs) and their capabilities may be found at:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx
I used OpenSSL to convert the current certificate (cert and pfx) on the server, following the instructions on:
https://azuliadesigns.com/sha256-cryptographic-service-provider-types/
Once the new cert was installed the issue was resolved.
Lee
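The conversion described in the answer above, as an added example (not the poster's own commands or the linked article's): it re-exports a PFX with OpenSSL's `-CSP` option so the private key is tagged for the Microsoft Enhanced RSA and AES Cryptographic Provider, then reads the attribute back to confirm it. The function names, file names and password are assumptions, and the certificate used in the demo is a constructed self-signed one.

```shell
#!/bin/sh
# Added example: re-wrap a PFX so its private key carries the CSP name that
# supports SHA-256/384/512 signatures. Names and passwords are placeholders.
# "pass:" puts the password on the command line; on a real server prefer
# OpenSSL's env:VAR or file:PATH password sources.
CSP_NAME="Microsoft Enhanced RSA and AES Cryptographic Provider"

# pfx_csp_name PFX PASSWORD -> prints the key's "Microsoft CSP Name" (empty if unset)
pfx_csp_name() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        sed -n 's/^ *Microsoft CSP Name: *//p' | head -n 1
}

# convert_pfx_csp IN_PFX OUT_PFX PASSWORD -> writes OUT_PFX tagged with CSP_NAME
convert_pfx_csp() {
    tmp=$(mktemp) || return 1   # holds the unencrypted key briefly; removed below
    openssl pkcs12 -in "$1" -passin "pass:$3" -nodes -out "$tmp" 2>/dev/null &&
        openssl pkcs12 -export -in "$tmp" -out "$2" -passout "pass:$3" -CSP "$CSP_NAME"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# make_sample_pfx DIR PASSWORD -> constructed self-signed cert in DIR/old.pfx,
# exported without any CSP attribute (stands in for the server's current PFX)
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
        openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
            -out "$1/old.pfx" -passout "pass:$2"
}

# Demo on the constructed certificate: sh convert_csp.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample_pfx "$d" "constructed-pass" &&
        convert_pfx_csp "$d/old.pfx" "$d/new.pfx" "constructed-pass" &&
        echo "CSP now: $(pfx_csp_name "$d/new.pfx" "constructed-pass")"
    rm -rf "$d"
fi
```

The new PFX still has to be imported into the Windows certificate store and selected for the proxy before the change takes effect.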