Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
greg-anderson
Luminary Alumni
‎2021-09-23 10:38 AM

Replacing Qlik Sense proxy SSL certificate causes 500 error on SAML authentication

I have a QSE Windows implementation that uses SAML authentication against Google Workplace.

When we attempt to update the SSL certificate on the server and paste the new thumbprint in the proxy config, authentication via the SAML Virtual Proxy starts returning a 500 error.

There are no changes to the SAML configuration (which has its own certificate).  Every post I find online references 500 errors related to the SAML certificate specifically.

Has anyone experienced similar issues?  I do not know how replacing the SSL cert on the proxy would cause a problem with the existing SAML configuration.

I understand the SP metadata could change in this scenario, but Google did not require us to upload the SP metadata into the SAML app.

I appreciate any advice/experience/guidance. Thanks!

Labels (2)
Labels
2,022 Views
0 Likes
1 Solution

Accepted Solutions
Alexis_Touet
Former Employee
‎2021-10-19 07:02 AM

Hi, 

One of the most common issues we see at support for the 500 with SAML is related to the new certificate using a hashing algorithm of SHA 256 . 

If that is the case you will need to verify the provider is set to "Microsoft Enhanced RSA and AES Cryptographic Provider" . If different, you will need to transform it so it uses the correct crypto provider info. 

This article explains how to verify this setting and how to change the certificate attributes if needed. 

https://community.qlik.com/t5/Knowledge/Error-500-Internal-server-error-in-the-Hub-QMC-when-connecti...

Hope this helps.

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉

View solution in original post

1,940 Views
0 Likes
1 Reply
Alexis_Touet
Former Employee
‎2021-10-19 07:02 AM

Hi, 

One of the most common issues we see at support for the 500 with SAML is related to the new certificate using a hashing algorithm of SHA 256 . 

If that is the case you will need to verify the provider is set to "Microsoft Enhanced RSA and AES Cryptographic Provider" . If different, you will need to transform it so it uses the correct crypto provider info. 

This article explains how to verify this setting and how to change the certificate attributes if needed. 

https://community.qlik.com/t5/Knowledge/Error-500-Internal-server-error-in-the-Hub-QMC-when-connecti...

Hope this helps.

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉
1,941 Views
0 Likes
li.common.scroll-to.top