Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
QlikWorld 2022, LIVE in Denver CO., May 16-19, 2022. REGISTER NOW TO RECEIVE EARLY BIRD PRICING
cancel
Showing results for 
Search instead for 
Did you mean: 
lachlanwwells
Partner
Partner

Tutorial: Configure Auth0 as SSO for Qlik Sense Enterprise for Windows using SAML

Hi there,

We recently configured Qlik Sense to work with Auth0 (the free version works) and use the internal Auth0 user database for authentication/SSO and thought we'd share the process.

The steps to get started with an initial connection are as follows, for an example single-node installation (be sure to replace the <your_server_url> with your Qlik Sense server URL - example https://server.example.com/hub/ use server.example.com as <your_server_url>:

  1. Create a new virtual proxy in Qlik Sense from within the QMC
  2. Enter the description ‘Auth0’
  3. Enter ‘sso’ in the prefix field
  4. Set Session cookie header name to ‘X-Qlik-Session-Auth0SSO’
  5. Add new server node and select your ‘Central’ node and click Add
  6. Check ‘Authentication’ and ‘Advanced’ on the sidebar
  7. Choose ‘SAML’ as authentication method
    1. Tick SAML single logout
    2. SAML host URI is the URL of your Qlik Sense Server (ending in a /)
    3. SAML entity ID is ‘auth0saml’
    4. SAML attribute for user ID is ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’ to use email address
    5. SAML attribute for user directory is [auth0] for a static directory
  8. In the Host white list, click Add new value twice and enter both the URL of your Qlik Sense Server in one row (without https:// or / at the end) and ‘auth0.com’ in the other
  9. Click Apply
  10. Link the Virtual Proxy to the Proxy by clicking on ‘Proxies’ in the sidebar under ‘Associated Items’
  11. Click ‘Link’ and select the Central Node and click ‘Link’ again

At this point you have the following information in Auth0 terms:

Application Callback URL: https://<your_server_url>:443/sso/samlauthn/
SLO (Logout Callback) URL: https://<your_server_url>:443/sso/samlauthn/slo/
Audience:  auth0saml

  1. Set up an Auth0 tenant
  2. Go to Applications > Create Application
  3. Enter a name and choose Regular Web Applications
  4. Go to Addons tab and click the red icon next to SAML2 Web App
  5. In the popup window enter the Application Callback URL ‘https://<your_server_url>:443/sso/samlauthn/’ in the Application Callback URL field
  6. Enter the following in the settings field:

{

  "audience": "auth0saml",

  "logout": {

    "callback": "https://<your_server_url>:443/sso/samlauthn/slo/",

    "slo_enabled": true

  }

}

  1. Scroll down and click Enable, then when saved, close this window.
  2. Make sure the SAML2 Web App is toggled on (green toggle) and click the icon again to display the popup once again
  3. Go to the Usage tab, and click ‘Download’ next to ‘Identity Provider Metadata’ to download an XML file used to configure Qlik
  4. Go back to the Qlik Sense server Virtual Proxy and edit the virtual proxy ‘Auth0’ you created
  5. Next to ‘SAML IdP metadata’ click on Choose File and select the downloaded XML file from Auth0 from step 9
  6. Click Apply and OK to restart Qlik Proxy

You can then test by visiting  https://<your_server_url>/sso

It should redirect you to Auth0 login page, then after login, back to the hub. You can then log out of Qlik, and it will sign you out of both Qlik and Auth0 and return you to the login screen.

Labels (3)
5 Replies
kaushiknsolanki

Hi Lachlanwwells,

This is really a good example. It would be more useful if you can create few min video to show how this can be done.

 

Regards,
Kaushik
If reply is satisfactory, please "Like" the post.
If reply is solution, please mark as "Correct".
lachlanwwells
Partner
Partner
Author

Sounds like a good idea!

kaushiknsolanki

Thank you. 🙂

Regards,
Kaushik
If reply is satisfactory, please "Like" the post.
If reply is solution, please mark as "Correct".
heosupplink
Contributor II
Contributor II

I get the 400 error for some reason..
If my qlik sense host name is in the form of ->  ipXXX.ip-XX-XX-XX.net

Could this be the issue?

ChrisCostantini
Partner
Partner

Very nice guide, thanks for sharing!