Hello,

for a customer, we are trying to use Qlik Sense client managed as service provider and IAM WSO2 as authenticator (Identity Server). We are having problem in correctly mapping user attribute provided from IAM in Qlik user attribute,

Qlik virtual proxy redirects successfully to wso2 that proceeds to authenticate the user and call back to Sense.

While sub is correctly mapped to userID, such as emailaddress, we are having issue with Qlik attribute "name" that is accepting only wso2 "fullname" claim (this fullname claim inside the identity provider is mapped as "cn").

If I try to use claim "givenname" or "lastname" for example, we receive error 400 in the browser session and Qlik proxy log reports error

Missing claimType:OidcAttributeName↵↓ at Proxy.SessionEstablishment.Authentication.OIDC.OidcAttributeParser.ParseClaim(JwtPayload jwtPayload, String claimsAttrib, String claimTypeName, Boolean isMandatory)

I am attaching qlik virtual proxy configuration and wso2 claims configured into service provider

QLIK VIRTUAL PROXY

WSO2 SERVICE PROVIDER CLAIM CONFIGURATION

Only this config produces successful authentication and correct redirection to Qlik Sense hub.

Why Qlik is accepting fullname claim only? Whatever you provide instead of fullname produce error 400 

Any advice on that?

Thank you

Nick