Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
simon_minifie
Partner - Creator III
Partner - Creator III
‎2019-03-19 06:42 AM

Error authenticating using OneLogin SAML

Hi All,

 

Know that there's a few posts on here with much head scratching, but in this case I feel pretty close. 

Scenario is setting up SAML login via OneLogin. After much messing about with certificates and config files, I'm at this point and can't work out the way forward. I feel the issue is down to attributes being passed from OneLogin to the qvsaml module, but can't get past it.

Any help would be greatly received.


CaptureComm.PNG

Many thanks,

Simon

Labels (3)
Labels
870 Views
0 Likes
1 Solution

Accepted Solutions
simon_minifie
Partner - Creator III
Partner - Creator III
‎2019-03-20 09:35 AM
Author

In response to Albert_Candelario

Hi Albert,

Thanks, that was the document I was working from.

It doesn't cover all the parts that need to be changed, but worked out the rest as I went along.

As for the error, it turned out to be a typo on the OneLogin side which I picked up by going through the IIS logs.

Thanks,

Simon

View solution in original post

844 Views
3 Replies
Albert_Candelario
Support
Support
‎2019-03-20 06:08 AM

Hi,

 

Did you checked this article ?

https://support.qlik.com/articles/000045626

It contains useful information and example on how to achieve this. So, could be useful.

Cheers!

Please, remember to mark the thread as solved once getting the correct answer
848 Views
simon_minifie
Partner - Creator III
Partner - Creator III
‎2019-03-20 09:35 AM
Author

In response to Albert_Candelario

Hi Albert,

Thanks, that was the document I was working from.

It doesn't cover all the parts that need to be changed, but worked out the rest as I went along.

As for the error, it turned out to be a typo on the OneLogin side which I picked up by going through the IIS logs.

Thanks,

Simon

845 Views
patrickdoerr
Contributor
Contributor
‎2020-08-05 03:13 PM

In response to simon_minifie

Hello,

I am also struggeling with this solution (using KeyCloak instead of OneLogin).

Maybe you ran in the same issue...?

 

WebTicket-Generation is not working, because the GetWebTicket.aspx is not accessable after enabling "Forms" Authentication for the whole/QvAjaxZfc IIS application - which is the needed setting to get SAML working.

Error is visible in windows event log - reproducable in PostMan, but also when the QlikView.aspx is doing the request after successful SAML Responde decoding.

POST https://servername/QvAjaxZfc/GetWebTicket.aspx

Server Error in '/QvAjaxZfc' Application.

Value cannot be null.
Parameter name: identity

 

[ArgumentNullException: Value cannot be null.
Parameter name: identity]
System.Security.Claims.ClaimsPrincipal..ctor(IIdentity identity) +14526062
System.Security.Principal.WindowsPrincipal..ctor(WindowsIdentity ntIdentity) +24
SolutionGlobal.WebService.LocalUserHandler.CheckGroupMembership(IPrincipal userPrincipal, SecurityIdentifier groupSi, String groupName) +116
SolutionGlobal.WebService.LocalUserHandler.CheckQvAdminMembership(IPrincipal userPrincipal) +297
QlikView.AccessPoint.GetWebTicketHandler.HandleRequest(Context context) +66
System.Web.UI.Control.OnLoad(EventArgs e) +108
System.Web.UI.Control.LoadRecursive() +90
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1607

 

 

 

683 Views
0 Likes