
.png)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Replacing Qlik Sense proxy SSL certificate causes 500 error on SAML authentication
I have a QSE Windows implementation that uses SAML authentication against Google Workplace.
When we attempt to update the SSL certificate on the server and paste the new thumbprint in the proxy config, authentication via the SAML Virtual Proxy starts returning a 500 error.
There are no changes to the SAML configuration (which has its own certificate). Every post I find online references 500 errors related to the SAML certificate specifically.
Has anyone experienced similar issues? I do not know how replacing the SSL cert on the proxy would cause a problem with the existing SAML configuration.
I understand the SP metadata could change in this scenario, but Google did not require us to upload the SP metadata into the SAML app.
I appreciate any advice/experience/guidance. Thanks!
Accepted Solutions
.png)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
One of the most common issues we see at support for the 500 with SAML is related to the new certificate using a hashing algorithm of SHA 256 .
If that is the case you will need to verify the provider is set to "Microsoft Enhanced RSA and AES Cryptographic Provider" . If different, you will need to transform it so it uses the correct crypto provider info.
This article explains how to verify this setting and how to change the certificate attributes if needed.
https://community.qlik.com/t5/Knowledge/Error-500-Internal-server-error-in-the-Hub-QMC-when-connecti...
Hope this helps.
.png)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
One of the most common issues we see at support for the 500 with SAML is related to the new certificate using a hashing algorithm of SHA 256 .
If that is the case you will need to verify the provider is set to "Microsoft Enhanced RSA and AES Cryptographic Provider" . If different, you will need to transform it so it uses the correct crypto provider info.
This article explains how to verify this setting and how to change the certificate attributes if needed.
https://community.qlik.com/t5/Knowledge/Error-500-Internal-server-error-in-the-Hub-QMC-when-connecti...
Hope this helps.
