Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
RamiBS
Contributor III
Contributor III
‎2022-10-06 07:38 AM

IDP with Google Identity

Hi everyone,

we're trying to set up a IDP in our Qlik SaaS tenant but we're getting a Protocol error that we can't seem to fix.

Would be great if anyone could help.

 

RamiBS_0-1665056319990.png

 

Labels (1)
Labels

  • Cloud

Preview file
30 KB
1,365 Views
0 Likes
1 Solution

Accepted Solutions
RamiBS
Contributor III
Contributor III
‎2022-10-11 04:48 AM
Author

Hi @Albert_Candelario @Vinay_B ,

So we finally fixed the problem, it was the openid connect uri metadata.

In google cloud, once you create the credentials you get a json with the all the necessary information for the IDP. In many tutorials online I saw other people use google's auth_uri : https://accounts.google.com/o/oauth2/auth .  Which is wrong.  I figured out we had to use this uri: https://accounts.google.com/.well-known/openid-configuration. The IT manager and I recreated the IDP with the correct URI.

It's funny that the example was grayed out in the input box but all the examples online suggest otherwise.

Google is a huge, it's odd that there are no tutorials using them with a SSO.

Thanks for Everyone's Help.

View solution in original post

1,276 Views
9 Replies
Albert_Candelario
Support
Support
‎2022-10-06 03:45 PM

Hello @RamiBS ,

Thanks for posting.

Are you using the Generic integration?
Identity providers ‒ Qlik Cloud

Also please check Using Google Identity with Qlik Cloud - Qlik Community - 1777677

Kindly, let us know if it helps.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
1,341 Views
0 Likes
RamiBS
Contributor III
Contributor III
‎2022-10-07 07:21 AM
Author

In response to Albert_Candelario

Hi @Albert_Candelario ,

 

Thanks for answering. 

 

Yes i've set it up as generic. Also saw the post several of times. We used the original tenant host name and even added the end point of login/callback and checked the the account billing is actice.

Still we get the protocol error. Do we have to configure scopes for the consent screen the user sees?

is there no guide for the the google idp configuration like the ones you have for azur and okta?

1,333 Views
0 Likes
Vinay_B
Support
Support
‎2022-10-07 08:31 AM

In response to Albert_Candelario

Hi @RamiBS

 

Can you confirm if Google admin is the one authenticating on Qlik SaaS side as well? It is possible that the Identity is not able to communicate due to insufficient access.

 

I would recommend using the Google admin account to validate the IDP settings on Qlik side as well.

 

Vinay

If this resolves your query, please click on "Accept as Solution" for confirmation. Thanks!
1,329 Views
0 Likes
RamiBS
Contributor III
Contributor III
‎2022-10-07 09:08 AM
Author

In response to Vinay_B

Hi @Vinay_B 

The IT manager is the admin for the google identity, i'll ask him to put me as co owner on the project in google cloud and verify what he did, he might not have updated the login/callback end point, is it a must?

I'm the tenant admin.

1,327 Views
0 Likes
Vinay_B
Support
Support
‎2022-10-07 09:24 AM

In response to Albert_Candelario

Hi @RamiBS,

 

Admin access is required to authenticate the IDP. Recently I was working on a similar case and after adding the Google Admin to the tenant and that admin validated the IDP successfully. So the reason is when a non-admin try to validate the IDP, might be due to insufficient access the IDP throws a such error during the validation.

 

So I  would suggest getting the admin access and then checking to confirm if you can validate the IDP successfully. Let me know how it goes.

 

Vinay

If this resolves your query, please click on "Accept as Solution" for confirmation. Thanks!
1,322 Views
Albert_Candelario
Support
Support
‎2022-10-07 03:41 PM

In response to Vinay_B

Kindly keep us posted @RamiBS  🙂

Please, remember to mark the thread as solved once getting the correct answer
1,316 Views
0 Likes
RamiBS
Contributor III
Contributor III
‎2022-10-09 04:17 AM
Author

In response to Albert_Candelario

@Albert_Candelario @Vinay_B  I'll Keep you posted. The IT manager comes back to work on in 2 days.

Really hope that that this is the fix.

1,296 Views
RamiBS
Contributor III
Contributor III
‎2022-10-11 04:48 AM
Author

Hi @Albert_Candelario @Vinay_B ,

So we finally fixed the problem, it was the openid connect uri metadata.

In google cloud, once you create the credentials you get a json with the all the necessary information for the IDP. In many tutorials online I saw other people use google's auth_uri : https://accounts.google.com/o/oauth2/auth .  Which is wrong.  I figured out we had to use this uri: https://accounts.google.com/.well-known/openid-configuration. The IT manager and I recreated the IDP with the correct URI.

It's funny that the example was grayed out in the input box but all the examples online suggest otherwise.

Google is a huge, it's odd that there are no tutorials using them with a SSO.

Thanks for Everyone's Help.

1,277 Views
Albert_Candelario
Support
Support
‎2022-10-11 09:43 AM

In response to RamiBS

Excellent news @RamiBS , thanks for letting all us know!!

Please, remember to mark the thread as solved once getting the correct answer
1,262 Views
0 Likes