Skip to main content
Announcements
Accelerate Your Success: Fuel your data and AI journey with the right services, delivered by our experts. Learn More
cancel
Showing results for 
Search instead for 
Did you mean: 
brindlogcool
Creator III
Creator III

QlikSense SAML

I have configured the SAML as suggested in the documentation. And when i tried to access the Qlik Sense URL with SAML as suggested in the documentation

https://[node]/[prefix]/


the URL is getting redirected to the windows authentication like this https://server:port/windows_authentication/?targetId=11234 

and prompting for windows authentication. And it works fine.


(a) How to validate it is authenticated through SAML. Is there any logs associated with it ? Is it expected to prompt for windows authentication and validated through SAML.



Is there any specific setting has to be changed or additional coding required apart from the QMC settings





18 Replies
brindlogcool
Creator III
Creator III
Author

Is there any way i can send the log only to you?

eclutario
Contributor II
Contributor II

Hi,

I am trying to SAML-authenticate Qlik Sense with Google as my identity provider and have followed the instructional video and your instructions from this thread. The error I am getting is "The user cannot be authenticated by the SAML response through the following proxy: QlikSense"

QlikSense is my virtual proxy. Here's the configuration

Identification

Description: SSSO authentication with Google

Prefix : sso

Session inactivity Timeout(Minutes) :30

Session Cookie header name : X-Qlik-Session-SSO

Authentication

Anonymous access mode: No anonymous user

Authentication method: SAML

SAML host URI : https://testdashboard.irri.org

SAML entitity Id : sso

SAML Medtadata Idp : uploaded the metadata in QMC

SAML attribute for userid : email

SAML attribute for user active-directory: [GOOGLE]


have linked to default proxy Central.


The link https://testdashboard.irri.org/sso produce the error i mentioned above. The Google part seemed to be working as it passes through Google authentication:


Google login window:

Screen Shot 2016-06-15 at 9.54.43 AM.png

2 factor authentication


Screen Shot 2016-06-15 at 9.54.29 AM.png


then the error in Qlik


Screen Shot 2016-06-15 at 9.55.04 AM.png

Any idea where to look at to fix this?

Thanks!

Eric

eclutario
Contributor II
Contributor II

I figured it out and it's working like a charm!

Anyone who wants to implement the same in their organization, send me an email.

Cheers

eric

oknotsen
Master III
Master III

Google-QlikSAMLSSO.pdf

May you live in interesting times!
Anonymous
Not applicable

Hi All,

I have integrated SAML with 1 proxy node for PF IDP which works fine. Now I have added one more proxy node and I have linked the same node in SAML virtual proxy. When I try to access https://localhost/saml/hub I get below error.

Do I need to anything on top of this?

Thanks for your help in advance.

Please help!!

Not applicable

Immediately after seeing this error, look at the log file ????_audit_proxy.txt (found under

c:\programdata\qlik\sense\logs\proxy\trace\) and check the last few entries.

The log file will tell you why the authentication is failing. It could be your ID provider rejecting the request. Find out if something was changed in your ID provider side. If you have changed/updated your security certificate recently, you may have to send your metadata again to the ID provider and get it imported there.

Anonymous
Not applicable

Hi Jeffrey,

I was successful in implementing SSO b/w QlikSense & Salesforce with one user.

Now when I log in to QlikSense hub via sfdc it redirects me to Salesforce login page(okay) but when I login by another salesforce user, it is giving me the same error as in the screenshot above.

Cant know the reason.Maybe I didn't have that user in QS mapped.

How can I correct this? Urgently.

Anonymous
Not applicable

Hi Jeff,

I created SSO b/w QlikSense & Salesforce.

Tested with one user.Since in my case I was not having user in QlikSense so I think, it created a user with directory "SFDC" in qliksense with no stream allocated.

Is this applicable to all the users from Salesforce to open hub ? I mean can all users of Salesforce can login to QSsince I have created a virtual proxy here.?

I cant login to QS by second user but can do with first user.

Urgent.

BoB_Qlik_Support
Contributor II
Contributor II

Can windows AD userid can be used in SAML attribute for userid instead of email and what changes are needed to be done for this.

Regards