Daniel11
Contributor

/samlauthn 403 untrusted http origin header scheme is not allowed error

Hello!

In the February 2023 version of Qlik Sense Enterprise, SAML doesn't work. After authorization on the IdP, the browser redirects to host/virtualproxy/samlauthn and a "403 untrusted http origin header scheme is not allowed" error appears in the network console. In November 2022, the same settings for the VP and IdP work well.

Has anyone encountered such a problem?


Accepted Solutions
Albert_Candelario

Hello all,

Thanks for posting.

This seems related to a known defect - QB-19046 that will be fixed in the incoming August 2023 release.

The issue arises, if it is indeed the same issue, when the Origin is "null".

I hope this helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer


5 Replies
Daniel11
Contributor
Author

If you copy the Proxy folder from the November 2022 version and replace the February 2023 one with it, then everything works.

nvankorlaar
Partner - Contributor III

Hi, I am encountering the same issue here. The client is using ForgeRock OpenAM with SAML 2.0. The May 2022 version had no issues at all; after upgrading to May 2023 it stopped working with this error. So far we have checked everything, and I'm seeing the following changes that can possibly have an effect on this.

QB-14622

Qlik Sense: Header injection redirects into non-existing subdomain

The "Host allow list" in Virtual Proxy settings trusted all subdomains of the given entry. This has been fixed by adding an option for strict validation that only allows the given entry. The new proxy configuration setting "StrictValidateWhitelist" allows switching between the behaviors. The default is set to false (all subdomains trusted). If you need strict validation, enable the setting and restart the proxy.

QB-14363

Qlik Sense: Unencrypted origin trusted by default

Fixed a problem that allowed unencrypted HTTP origin header in Qlik Sense for HTTPS protocol requests.


I don't think it is preferable to replace the proxy folder with an older version and get possible compatibility issues due to that.

Daniel11
Contributor
Author

Hi.
Thanks for the info.
QB-14363 - most likely caused the error
QB-14622 - does not help to solve the problem. I tried it on the February version earlier and just tried it on the May version with patch 1.

Replacing the folder is only a debug of the problem, but not a solution to it, of course.

LTIAT95
Partner - Contributor III

I have the same issue on August 2023 Patch 11. I still see the error message.

403

Forbidden

Untrusted http origin header scheme is not allowed.

I'm able to log in using NTLM, but SSO is still not working.

Any suggestions?
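
The checks discussed in this thread (the HTTPS scheme check from QB-14363, strict versus subdomain allow-list matching from QB-14622, and the "null" Origin case), shown as an added example that is not from the thread or from Qlik. It is a hypothetical origin validator; the function names, reason codes and example.com hosts are assumptions and do not represent the Qlik Sense proxy's own logic.

```python
from urllib.parse import urlsplit

def host_allowed(host, allow_list, strict):
    """Exact match when strict; otherwise subdomains of an entry also pass."""
    host = host.lower().rstrip(".")
    for entry in (e.lower().rstrip(".") for e in allow_list):
        if host == entry:
            return True
        # Leading dot keeps "evilqlik.example.com" from matching "qlik.example.com".
        if not strict and host.endswith("." + entry):
            return True
    return False

def check_origin(origin, request_is_https, allow_list, strict=False):
    """Return (allowed, reason) for one Origin header value."""
    if origin is None:
        # Assumption: a request without an Origin header is not judged here.
        return True, "no-origin-header"
    value = origin.strip()
    if value.lower() == "null":
        # Browsers serialize an opaque origin as the literal string "null".
        # It carries no scheme or host, so a scheme check cannot pass it.
        return False, "null-origin"
    parts = urlsplit(value)
    scheme, host = parts.scheme.lower(), parts.hostname
    if scheme not in ("http", "https") or not host:
        return False, "malformed-origin"
    if request_is_https and scheme != "https":
        return False, "http-origin-on-https-request"
    if not host_allowed(host, allow_list, strict):
        return False, "host-not-in-allow-list"
    return True, "ok"

# Constructed sample values, not taken from any real deployment.
ALLOW_LIST = ["qlik.example.com"]
SAMPLES = ["https://qlik.example.com", "http://qlik.example.com", "null",
           "https://sub.qlik.example.com", "https://evilqlik.example.com"]

def run_samples(strict):
    return {o: check_origin(o, True, ALLOW_LIST, strict) for o in SAMPLES}

if __name__ == "__main__":
    for strict in (False, True):
        print("strict =", strict)
        for origin, (allowed, reason) in run_samples(strict).items():
            print(f"  {origin!r:35} -> {'allow' if allowed else 'deny'} ({reason})")
```

Keeping `null-origin` as its own reason code lets proxy logs distinguish an opaque-origin SAML POST from a genuine plain-HTTP origin.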