Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Support Case Portal has moved to Qlik Community! Read the FAQs to start exploring Support resources.
cancel
Showing results for 
Search instead for 
Did you mean: 
greg-anderson
Luminary Alumni
Luminary Alumni

Replacing Qlik Sense proxy SSL certificate causes 500 error on SAML authentication

I have a QSE Windows implementation that uses SAML authentication against Google Workplace.

When we attempt to update the SSL certificate on the server and paste the new thumbprint in the proxy config, authentication via the SAML Virtual Proxy starts returning a 500 error.

There are no changes to the SAML configuration (which has its own certificate).  Every post I find online references 500 errors related to the SAML certificate specifically.

Has anyone experienced similar issues?  I do not know how replacing the SSL cert on the proxy would cause a problem with the existing SAML configuration.

I understand the SP metadata could change in this scenario, but Google did not require us to upload the SP metadata into the SAML app.

I appreciate any advice/experience/guidance. Thanks!

Labels (2)
1 Reply
Alexis_Touet
Support
Support

Hi, 

One of the most common issues we see at support for the 500 with SAML is related to the new certificate using a hashing algorithm of SHA 256 . 

If that is the case you will need to verify the provider is set to "Microsoft Enhanced RSA and AES Cryptographic Provider" . If different, you will need to transform it so it uses the correct crypto provider info. 

This article explains how to verify this setting and how to change the certificate attributes if needed. 

https://community.qlik.com/t5/Knowledge/Error-500-Internal-server-error-in-the-Hub-QMC-when-connecti...

Hope this helps.

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉