Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello!
In february 2023 qlik sense enterprise version, saml don`t work. After authorization on idp, browser redirect to host/virtualproxy/samlauthn and 403 untrusted http origin header scheme is not allowed error in network console. In november 2022 same settings to vp and idp work well.
Has anyone encountered such a problem?
Hello all,
Thanks for posting.
This seems related to a known defect - QB-19046 that will be fixed in the incoming August 2023 release.
The issue arises, if is indeed the same issue, when the Origin is "null".
I hope this helps.
Cheers,
Albert
If you copy the Proxy folder from the November 2022 version and replace the February 2023 one with it, then everything works.
Hi, i am encountering the same issue here. Client is using ForgeRock OpenAM with SAML2.0. The May 2022 version had no issues at all, after upgrading to May 2023 it stopped working with this error. So far we checked everything, and im seeing the following changes that can possible have effect on this.
QB-14622 |
Qlik Sense: Header injection redirects into non-existing subdomain |
The "Host allow list" in Virtual Proxy settings trusted all subdomains of the given entry. This has been fixed by adding an option for strict validation that only allows the given entry. The new proxy configuration setting "StrictValidateWhitelist" allows switching between the behaviors. The default is set to false (all subdomains trusted). If you need strict validation, enable the setting and restart the proxy. |
QB-14363 |
Qlik Sense: Unencrypted origin trusted by default |
Fixed a problem that allowed unencrypted HTTP origin header in Qlik Sense for HTTPS protocol requests. |
I don't think it is pefrerable to replace the proxy folder with an older version and get possible compatibility issues due to that.
Hi.
Thanks for the info.
QB-14363 - most likely caused the error
QB-14622 - does not help to solve the problem. I tried it on the February version earlier and just tried it on the May version with patch 1.
Replacing the folder is only a debug of the problem, but not a solution to it, of course.
Hello all,
Thanks for posting.
This seems related to a known defect - QB-19046 that will be fixed in the incoming August 2023 release.
The issue arises, if is indeed the same issue, when the Origin is "null".
I hope this helps.
Cheers,
Albert
I have the same issue on august 2023 Patch 11. I still see the errror message.
Forbidden
Untrusted http origin header scheme is not allowed.
I'm able to login using NTLM, But sso is still not working
Any Suggestion.
@Albert_Candelario I upgraded Qlik Sense to Feb 2024 Version and Still encounter the 403 Forbidden Untrusted http origin header scheme is not allowed.
Is it still a bug in Feb 2024 Version. Applied Feb 2024 patch 6 , still the same issue.
Okay, so After Troubleshooting I found the Issue is with HTTP communication. I found in feb 2024 SSO is not working if your IDP is having HTTP. The same is working in August 2022 Version.
@Albert_Candelario @Daniel11 Is there any official announcement from Qlik to close the http communication in newer version?
Any workaround how we can use the http in feb 2024 version.
Note: I have http enabled in proxy.