Greetings,
We're trying to integrate SSO on Qlik Sense On Prem, with Red Hat Single Sign On, using OIDC. Is there any documentation related to this process? We've checked this article, but there is no info related to RHSSO.
Any input would be appreciated.
Kind regards.
Hi @willtech93 ,
If you check the documentation for the different OIDC integrations with Qlik Sense, you will notice several steps that are global. Using those as a base, you can get the OIDC integration working. I'm highlighting them here for you:
On Red Hat SSO, create a new OIDC client.
Set Client Protocol to OpenID Connect.
Configure the Access Type to confidential (to support a client secret).
Provide Qlik Sense's callback/redirect URI: https://<QSEhostname>/<VirtualProxyPrefix>/oidcauthn
Copy the Client ID and Client Secret from Red Hat SSO.
_________________________________________
In Qlik Sense Management Console, go to Virtual Proxies.
Create a virtual proxy for OIDC authentication.
Choose the OIDC authentication method.
Enter the Discovery URL.
Enter the Client ID and Client Secret obtained.
Open the Discovery URL in your browser. From there, you will be able to get the scope and attributes for Sub, Name, email etc.
All the regular Virtual Proxy configuration applies: set load balancing nodes, add hosts to the allowlist, link to Proxy.
Live and Breathe Qlik & AWS.
Follow me on my LinkedIn | Know IPC Global at ipc-global.com
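The values from the steps above can be cross-checked before they go into the virtual proxy. The following is an added example, not part of the original posts or Qlik's own tooling: it checks a discovery document against the Discovery URL, the scopes and claims to be mapped, and the callback URI registered on the client. The host names, realm, prefix and discovery document are constructed samples, and redirect URIs are assumed to be registered as exact strings (no wildcards).

```python
import json
from urllib.parse import urlsplit

# Constructed sample: trimmed discovery document in the shape RH-SSO / Keycloak serves.
DISCOVERY_URL = "https://sso.example.com/auth/realms/qlik/.well-known/openid-configuration"
DISCOVERY_JSON = """{
  "issuer": "https://sso.example.com/auth/realms/qlik",
  "authorization_endpoint": "https://sso.example.com/auth/realms/qlik/protocol/openid-connect/auth",
  "token_endpoint": "https://sso.example.com/auth/realms/qlik/protocol/openid-connect/token",
  "jwks_uri": "https://sso.example.com/auth/realms/qlik/protocol/openid-connect/certs",
  "scopes_supported": ["openid", "profile", "email"],
  "claims_supported": ["sub", "name", "email", "preferred_username"]
}"""
DOC = json.loads(DISCOVERY_JSON)
SUFFIX = "/.well-known/openid-configuration"
# Constructed sample: redirect URIs registered on the SSO client (test host only).
REGISTERED = ["https://qlik-test.example.com/oidc/oidcauthn"]

def redirect_uri(host, prefix):
    """Callback URI in the form given in the thread."""
    return f"https://{host}/{prefix.strip('/')}/oidcauthn"

def check(discovery_url, doc, host, prefix, registered, scopes, claims):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    # OIDC Discovery: issuer must equal the discovery URL minus the well-known suffix.
    if not discovery_url.endswith(SUFFIX) or doc.get("issuer") != discovery_url[:-len(SUFFIX)]:
        findings.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            findings.append(f"{key} missing or not https")
    for scope in scopes:
        if scope not in doc.get("scopes_supported", []):
            findings.append(f"scope not offered: {scope}")
    for claim in claims:
        if claim not in doc.get("claims_supported", []):
            findings.append(f"claim not offered: {claim}")
    uri = redirect_uri(host, prefix)
    if uri not in registered:  # exact, case-sensitive comparison (assumption)
        findings.append(f"redirect URI not registered on client: {uri}")
    return findings

if __name__ == "__main__":
    wanted_scopes, wanted_claims = ["openid", "profile", "email"], ["sub", "name", "email"]
    for host in ("qlik-test.example.com", "qlik-prod.example.com"):
        result = check(DISCOVERY_URL, DOC, host, "oidc", REGISTERED, wanted_scopes, wanted_claims)
        print(host, "->", result or "consistent")
```

Run per environment, it flags a callback URI that was registered for one host but not the other.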
Thank you for the reply.
We managed to find some documentation about Keycloak, which is a dev version of Red Hat, and followed the steps mentioned there and we were able to set the initial config.
Said article is this one for anyone who wants to dive in: https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-for-Windows-How-to-configure-OIDC...
Regards.
Great @willtech93 !
Please give a like and mark the comment as helpful if you agree.
Thanks!
Hello,
We actually managed to set this config on a test environment and it worked without a problem.
The problem came when we had to set this on the production environment. We configured everything according to the documentation (RHSSO as well), but now we're facing this error 500 whenever we try to authenticate.
We looked into these articles: https://community.qlik.com/t5/Visualization-and-Usability/Error-500-Internal-Server-Error/td-p/97840...
But nothing there applies to what's happening to us.
Any input would be much appreciated.
Regards.
Hi @willtech93 ,
What are the differences between the two environments?
Is one of them multi-node or both?
I'm asking this as there might be some communication issue between the servers. The 500 error suggests it might be something on the Qlik side.
On the RHSSO side, is everything set up the same way? Were you able to validate the work done by the SSO team?
I would confirm on RHSSO if:
Authn Requests are Signed
Assertions are Signed
Thanks for the follow-up. We will get it to work! 🙂
Hello Hugo,
Thank you for the reply.
Also, sorry for the delayed response.
As for the environment, it is a multinode deployment. The only thing that changes is the valid redirect URL and the access URL on the production environment. Weirdly enough, we made some tests to check if the SSO client detects any request from Qlik, but none was detected.
As for this:
I would confirm on RHSSO if:
Authn Requests are Signed
Assertions are Signed
We checked, and it has the same config as the previous environments.
Regards.