lachlanwcast
Partner - Contributor III

Tutorial: Configure Auth0 as SSO for Qlik Sense Enterprise for Windows using SAML

Hi there,

We recently configured Qlik Sense to work with Auth0 (the free version works) and use the internal Auth0 user database for authentication/SSO and thought we'd share the process.

The steps to get started with an initial connection are as follows, for an example single-node installation (be sure to replace <your_server_url> with your Qlik Sense server URL; for example, for https://server.example.com/hub/ use server.example.com as <your_server_url>):

  1. Create a new virtual proxy in Qlik Sense from within the QMC
  2. Enter the description ‘Auth0’
  3. Enter ‘sso’ in the prefix field
  4. Set Session cookie header name to ‘X-Qlik-Session-Auth0SSO’
  5. Add new server node and select your ‘Central’ node and click Add
  6. Check ‘Authentication’ and ‘Advanced’ on the sidebar
  7. Choose ‘SAML’ as authentication method
    1. Tick SAML single logout
    2. SAML host URI is the URL of your Qlik Sense Server (ending in a /)
    3. SAML entity ID is ‘auth0saml’
    4. SAML attribute for user ID is ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’ to use email address
    5. SAML attribute for user directory is [auth0] for a static directory
  8. In the Host white list, click Add new value twice and enter both the URL of your Qlik Sense Server in one row (without https:// or / at the end) and ‘auth0.com’ in the other
  9. Click Apply
  10. Link the Virtual Proxy to the Proxy by clicking on ‘Proxies’ in the sidebar under ‘Associated Items’
  11. Click ‘Link’ and select the Central Node and click ‘Link’ again

At this point you have the following information in Auth0 terms:

Application Callback URL: https://<your_server_url>:443/sso/samlauthn/
SLO (Logout Callback) URL: https://<your_server_url>:443/sso/samlauthn/slo/
Audience:  auth0saml

  1. Set up an Auth0 tenant
  2. Go to Applications > Create Application
  3. Enter a name and choose Regular Web Applications
  4. Go to Addons tab and click the red icon next to SAML2 Web App
  5. In the popup window enter the Application Callback URL ‘https://<your_server_url>:443/sso/samlauthn/’ in the Application Callback URL field
  6. Enter the following in the settings field:

    {
      "audience": "auth0saml",
      "logout": {
        "callback": "https://<your_server_url>:443/sso/samlauthn/slo/",
        "slo_enabled": true
      }
    }

  7. Scroll down and click Enable, then when saved, close this window.
  8. Make sure the SAML2 Web App is toggled on (green toggle) and click the icon again to display the popup once again
  9. Go to the Usage tab, and click ‘Download’ next to ‘Identity Provider Metadata’ to download an XML file used to configure Qlik
  10. Go back to the Qlik Sense server Virtual Proxy and edit the virtual proxy ‘Auth0’ you created
  11. Next to ‘SAML IdP metadata’ click on Choose File and select the downloaded XML file from Auth0 from step 9
  12. Click Apply and OK to restart Qlik Proxy

You can then test by visiting  https://<your_server_url>/sso

It should redirect you to the Auth0 login page, then after login, back to the hub. You can then log out of Qlik, and it will sign you out of both Qlik and Auth0 and return you to the login screen.
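An added example, not part of the original post and not Qlik or Auth0 code: a pre-upload check that the Auth0 settings JSON agrees with the virtual proxy values from the tutorial, and that the downloaded IdP metadata carries a signing certificate and HTTPS sign-on and logout endpoints. The function name, the host server.example.com, the idp.example URLs and the placeholder certificate are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_setup(host, entity_id, settings_json, metadata_xml, prefix="sso"):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    slo_url = f"https://{host}:443/{prefix}/samlauthn/slo/"  # SLO URL form from the post
    settings = json.loads(settings_json)
    if settings.get("audience") != entity_id:
        problems.append("audience does not match the SAML entity ID")
    logout = settings.get("logout", {})
    if logout.get("callback") != slo_url:
        problems.append("logout callback does not match the SLO URL")
    if logout.get("slo_enabled") is not True:
        problems.append("slo_enabled is not true")

    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["metadata has no IDPSSODescriptor"]
    # A KeyDescriptor with no 'use' attribute applies to signing as well.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not any((text or "").strip() for text in certs):
        problems.append("metadata has no signing certificate")
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        locations = [e.get("Location", "") for e in idp.findall(f"md:{tag}", NS)]
        if not locations:
            problems.append(f"metadata has no {tag}")
        elif any(urlparse(u).scheme != "https" for u in locations):
            problems.append(f"{tag} endpoint is not HTTPS")
    return problems

# Constructed sample inputs (hypothetical host and IdP URLs, placeholder certificate).
SAMPLE_SETTINGS = """{"audience": "auth0saml", "logout": {
  "callback": "https://server.example.com:443/sso/samlauthn/slo/", "slo_enabled": true}}"""
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:idp.example">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/saml/logout"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/saml/login"/>
 </IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    print(check_setup("server.example.com", "auth0saml", SAMPLE_SETTINGS, SAMPLE_METADATA))
```

Pass the host without scheme or trailing slash, the same form the tutorial enters in the Host white list.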

7 Replies
kaushiknsolanki
Partner Ambassador/MVP

Hi Lachlanwwells,

This is really a good example. It would be more useful if you could create a few-minute video to show how this can be done.

 

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
lachlanwcast
Partner - Contributor III
Author

Sounds like a good idea!

kaushiknsolanki
Partner Ambassador/MVP

Thank you. 🙂

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
heosupplink
Contributor II

I get the 400 error for some reason.
My Qlik Sense host name is in the form of ipXXX.ip-XX-XX-XX.net

Could this be the issue?

ChrisCostantini
Partner - Contributor

Very nice guide, thanks for sharing!

DGO
Contributor III

Thank you!  This method worked for us.

DGO
Contributor III

The original https://<your_server_url>/ URL still works with Windows authentication.  How do you disable Windows authentication?