Hi everyone,
We're trying to set up an IDP in our Qlik SaaS tenant but we're getting a Protocol error that we can't seem to fix.
Would be great if anyone could help.
Hello @RamiBS ,
Thanks for posting.
Are you using the Generic integration?
Identity providers ‒ Qlik Cloud
Also please check Using Google Identity with Qlik Cloud - Qlik Community - 1777677
Kindly, let us know if it helps.
Cheers,
Albert
Hi @Albert_Candelario ,
Thanks for answering.
Yes, I've set it up as generic. I also saw the post several times. We used the original tenant host name and even added the endpoint of login/callback and checked that the account billing is active.
Still we get the protocol error. Do we have to configure scopes for the consent screen the user sees?
Is there no guide for the Google IDP configuration like the ones you have for Azure and Okta?
Hi @RamiBS
Can you confirm if Google admin is the one authenticating on Qlik SaaS side as well? It is possible that the Identity is not able to communicate due to insufficient access.
I would recommend using the Google admin account to validate the IDP settings on Qlik side as well.
Vinay
Hi @Vinay_B
The IT manager is the admin for the Google identity. I'll ask him to put me as co-owner on the project in Google Cloud and verify what he did. He might not have updated the login/callback endpoint. Is it a must?
I'm the tenant admin.
Hi @RamiBS,
Admin access is required to authenticate the IDP. Recently I was working on a similar case, and after adding the Google admin to the tenant, that admin validated the IDP successfully. So the reason is that when a non-admin tries to validate the IDP, the IDP might throw such an error during validation due to insufficient access.
So I would suggest getting the admin access and then checking to confirm if you can validate the IDP successfully. Let me know how it goes.
Vinay
Kindly keep us posted @RamiBS 🙂
@Albert_Candelario @Vinay_B I'll keep you posted. The IT manager comes back to work in 2 days.
Really hope that this is the fix.
Hi @Albert_Candelario @Vinay_B ,
So we finally fixed the problem. It was the OpenID Connect metadata URI.
In Google Cloud, once you create the credentials you get a JSON with all the necessary information for the IDP. In many tutorials online I saw other people use Google's auth_uri: https://accounts.google.com/o/oauth2/auth, which is wrong. I figured out we had to use this URI: https://accounts.google.com/.well-known/openid-configuration. The IT manager and I recreated the IDP with the correct URI.
It's funny that the example was grayed out in the input box but all the examples online suggest otherwise.
Google is huge; it's odd that there are no tutorials using them with an SSO.
Thanks for everyone's help.
Excellent news @RamiBS, thanks for letting us all know!!
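The fix in this thread turns on the difference between an OAuth authorization endpoint and an OpenID Connect discovery document. The check below is an added example, not code from the thread or from Qlik: it tests whether a URI and the body fetched from it look like valid discovery metadata before the pair is entered in an IdP form. The function name and the sample bodies are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(uri, body):
    """Return a list of problems; an empty list means the pair looks valid."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("metadata URI is not https")
    if not parts.path.endswith(WELL_KNOWN):
        problems.append("URI path does not end with " + WELL_KNOWN)
    try:
        meta = json.loads(body)
    except ValueError:
        # An authorization endpoint answers with HTML or a redirect, not JSON.
        return problems + ["response body is not JSON"]
    if not isinstance(meta, dict):
        return problems + ["metadata is not a JSON object"]
    problems += ["missing required field: " + k for k in REQUIRED if k not in meta]
    # The issuer must be the prefix the discovery URI was built from.
    issuer = meta.get("issuer")
    if isinstance(issuer, str) and issuer.rstrip("/") + WELL_KNOWN != uri:
        problems.append("issuer does not match the metadata URI")
    return problems

# Constructed sample inputs (abbreviated, not captured responses).
GOOD_URI = "https://accounts.google.com/.well-known/openid-configuration"
GOOD_BODY = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
BAD_URI = "https://accounts.google.com/o/oauth2/auth"  # auth_uri from the thread
BAD_BODY = "<html><body>Error</body></html>"

if __name__ == "__main__":
    for uri, body in ((GOOD_URI, GOOD_BODY), (BAD_URI, BAD_BODY)):
        print(uri, "->", check_discovery(uri, body) or "OK")
```
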