Hi there,
We recently configured Qlik Sense to work with Auth0 (the free version works) and use the internal Auth0 user database for authentication/SSO and thought we'd share the process.
The steps to get started with an initial connection are as follows, for an example single-node installation (be sure to replace the <your_server_url> with your Qlik Sense server URL - example https://server.example.com/hub/ use server.example.com as <your_server_url>:
- Create a new virtual proxy in Qlik Sense from within the QMC
- Enter the description ‘Auth0’
- Enter ‘sso’ in the prefix field
- Set Session cookie header name to ‘X-Qlik-Session-Auth0SSO’
- Add new server node and select your ‘Central’ node and click Add
- Check ‘Authentication’ and ‘Advanced’ on the sidebar
- Choose ‘SAML’ as authentication method
- Tick SAML single logout
- SAML host URI is the URL of your Qlik Sense Server (ending in a /)
- SAML entity ID is ‘auth0saml’
- SAML attribute for user ID is ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’ to use email address
- SAML attribute for user directory is [auth0] for a static directory
- In the Host white list, click Add new value twice and enter both the URL of your Qlik Sense Server in one row (without https:// or / at the end) and ‘auth0.com’ in the other
- Click Apply
- Link the Virtual Proxy to the Proxy by clicking on ‘Proxies’ in the sidebar under ‘Associated Items’
- Click ‘Link’ and select the Central Node and click ‘Link’ again
At this point you have the following information in Auth0 terms:
Application Callback URL: https://<your_server_url>:443/sso/samlauthn/
SLO (Logout Callback) URL: https://<your_server_url>:443/sso/samlauthn/slo/
Audience: auth0saml
- Set up an Auth0 tenant
- Go to Applications > Create Application
- Enter a name and choose Regular Web Applications
- Go to Addons tab and click the red icon next to SAML2 Web App
- In the popup window enter the Application Callback URL ‘https://<your_server_url>:443/sso/samlauthn/’ in the Application Callback URL field
- Enter the following in the settings field:
{
"audience": "auth0saml",
"logout": {
"callback": "https://<your_server_url>:443/sso/samlauthn/slo/",
"slo_enabled": true
}
}
- Scroll down and click Enable, then when saved, close this window.
- Make sure the SAML2 Web App is toggled on (green toggle) and click the icon again to display the popup once again
- Go to the Usage tab, and click ‘Download’ next to ‘Identity Provider Metadata’ to download an XML file used to configure Qlik
- Go back to the Qlik Sense server Virtual Proxy and edit the virtual proxy ‘Auth0’ you created
- Next to ‘SAML IdP metadata’ click on Choose File and select the downloaded XML file from Auth0 from step 9
- Click Apply and OK to restart Qlik Proxy
You can then test by visiting https://<your_server_url>/sso
It should redirect you to Auth0 login page, then after login, back to the hub. You can then log out of Qlik, and it will sign you out of both Qlik and Auth0 and return you to the login screen.
