Please note that instructions and examples in this article are provided as is and will likely require additional adjustments for direct deployment. The instructions and information are intended as guides. If you require additional assistance, we encourage you to post your questions in the corresponding community forum or to contact our Professional Services.
Description
When you set up a virtual proxy with SAML in Qlik Sense, you are asked to fill in several attributes such as the attribute for the User Id or the one for User Directory.
This article explains what are SAML attributes and give some examples of where it can be found for different SAML Identity providers.
Resolution:
SAML attributes can have different names depending on the Identity providers.
Attributes can be printed in the logs by enabling DEBUG logs on Proxy Audit logs.
See How to see SAML attributes received by Qlik Sense (user.environment) for details.
It can also be found in the SAML assertion, which can be seen using a browser extension such as SAML Tracer for Firefox or SAML DevTools extension for Chrome.
ADFS:
Go to [Claim descriptions]
In Qlik Sense, you can use either the claim name or the claim type.
It is also possible to create custom claims, some examples are available in the following articles:
Qlik Sense: Set up dynamic domain name for ADFS (SAML)
Qlik Sense: Work around the 20 characters limit on user names when using ADFS (SAML)
OneLogin:
Go to [Parameters] to check/add attributes.
Make sure that the box "Include in SAML assertion" is checked for it to be usable.
Azure:
This can be found under [User Attributes]
You can use the attribute name with or without its namespace in front.
Salesforce:
There are 4 attributes included by default.
- userId
- username
- email
- is_portal_user
To add a custom attribute, go to Connected applications > Manage connected applications > Custom attributes