Hi,
I configured SAML and it redirects successfully to the IdP, but after the user is authenticated with the IdP and returned to Qlik Sense, Error 400 shows. In the proxy audit logs the error says "SAML mandatory attribute for user ID is missing". The logs also show that the SAML attributes are empty.
I inspected the SAML Response using SAML Tracer, and indeed the attributes tag in the SAML XML is not there. However, the NameID tag is present. Why is Qlik Sense unable to read the NameID as SAML user ID?
The NameID exists in the response under <saml2p:Response> <saml2:Assertion> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> XXXXX</saml2:NameID>
SAML Configuration:
I disabled optional attributes and single log out just as an attempt to resolve the issue.
I tried SAML attribute for user ID "NameID" and "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" but both return the same error.
Any ideas please?
Qlik Sense Enterprise - Client Managed reads from the attribute statement in the SAML XML response, not from the subject statement.
Hi @HeshamKhja1 ,
It's most likely a mismatch between your IdP and Qlik Sense.
Could you send the SAML assertions here so we can inspect and validate your configuration?
With that, we will be able to help you.
Live and Breathe Qlik & AWS.
Follow me on my LinkedIn | Know IPC Global at ipc-global.com
This error means a required user ID attribute is missing from the SAML response, which can be fixed by correcting attribute mappings on the Identity Provider (IdP) or verifying user data. First, ensure the SAML response contains the mandatory attributes, such as emailaddress or nameid, by checking your IdP's configuration and your service provider's settings. If the attributes are correctly mapped, update the user's profile with the missing data and re-upload the IdP's metadata file if its configuration has changed.
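An added example (not part of the original thread and not Qlik's code): a Python check over a captured SAML response, such as one copied from SAML Tracer, that separates the Subject NameID from the AttributeStatement that the reply above says Qlik Sense reads. The sample responses, the address user@example.com and the function name check_user_id_attribute are constructed for illustration, and the response is assumed to be unencrypted.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample shaped like the response in the question: a Subject/NameID
# is present, but the assertion carries no AttributeStatement.
SAMPLE_NO_ATTRS = """\
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    </saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""

# Constructed sample after the IdP is changed to release the claim as an attribute.
SAMPLE_WITH_ATTRS = SAMPLE_NO_ATTRS.replace(
    "</saml2:Assertion>",
    """<saml2:AttributeStatement>
      <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>""",
)


def check_user_id_attribute(response_xml, user_id_attr):
    """Report what a SAML response offers for the configured user ID attribute."""
    root = ET.fromstring(response_xml)
    name_id = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind("./saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "attribute_names": sorted(attrs),
        # Only a non-empty value inside an AttributeStatement counts here; the
        # Subject NameID is reported separately and never used as a fallback.
        "user_id_present": any(attrs.get(user_id_attr, [])),
    }
```

Run against the first sample, the result shows a NameID but an empty attribute list, which matches the "SAML mandatory attribute for user ID is missing" error whichever attribute name is configured.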
Hi @Levi_Turner ,
Thank you for your input. I have a further inquiry if you would kindly help.
After investigating with the IdP admin, he informed me that no attributes are returned because of the flags below sent by Qlik Sense in the SAML Request. He requested that we remove these flags from the request. Is this possible? Or do you have any alternatives/suggestions?
AssertionConsumerServiceIndex="1"
AttributeConsumingServiceIndex="1"
On a side note, your posts and replies are always a great source of information and they benefit me a lot. So thank you a lot.
Regards,
Hesham