Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
SAML is not supported by default in QlikView but can be implemented by creating a custom authentication module that will convert SAML requests/responses to QlikView Ticket to log the user in.
This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, contact our Professional Services or engage in our QlikView Integrations forum.
Currently, this solution only works for SP initiated authentication. Making it work for IDP-initiated authentication might require further code changes in the library/module source code.
This has been tested with QlikView 12.10 SR7.
<GetWebTicket url="/QvAjaxZfc/GetWebTicket.aspx"/>
to<GetWebTicket url="/QvAjaxZfc/GetWebTicket.aspx">
<TrustedIP>fe80::b178:730a:5c2a:86d2%11</TrustedIP>
</GetWebTicket>
public void ValidateAttribute(SamlAttribute samlAttribute)
{
if (!Uri.IsWellFormedUriString(samlAttribute.Name, UriKind.Absolute))
throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that an attribute's \"Name\" is an URI.");
after
public void ValidateAttribute(SamlAttribute samlAttribute)
{
/*
if (!Uri.IsWellFormedUriString(samlAttribute.Name, UriKind.Absolute))
throw new DKSaml20FormatException("The DK-SAML 2.0 profile requires that an attribute's \"Name\" is an URI.");
*/
<QlikViewSaml
accessPointUrl="https://qlikserver1.domain.local/"
authenticatePage="QvAjaxZfc/Authenticate.aspx"
webTicketPage="QvAjaxZfc/GetWebTicket.aspx"
tryPage="https://qlikserver1.domain.local/qlikview/"
backUrl="https://qlikserver1.domain.local/webticketerror.html" />
Replace https://qlikserver1.domain.local/ by your qlikview server URL in the above code.<AllowedAudienceUris>
<Audience>https://qlikserver1.domain.local</Audience>
</AllowedAudienceUris>
<Federation xmlns="urn:dk.nita.saml20.configuration">
<SigningCertificate findValue="CN=qlikserver1" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
*In this case, we use a certificate that has "CN=qlikserver1" as its distinguished name.<IDPEndPoints metadata="C:\idpdata\">
...
This is with OneLogin. Do we need to compile the code again for QlikView April2020? We already have this custom solution working on 12.10.20200 version but when we tried on April 2020, its not working.
Our IDP is Microsoft Azure (MyApps).
Hi @Damien_V ,
Are there any documentions or KB on SAML integration when the QV is hosted on the QVWS server and not IIS?
Thanks
Hello @ilyas393
IIS is a requirement, as the QlikView Webserver itself does not allow for the customization needed. If you require custom solutions, I would recommend reaching out to our professional services for further assistance.
All the best,
Sonja
Hello @Damien_V @Sonja_Bauernfeind ,
We have followed the same steps mentioned to implement SSO with Google as IdP. While "Test the solution and log in: "hile we are able to get till step 1 in it. However as soon as we click on "Go To QlikView " we are error as below. Metadata of Idp is placed in C:\idpdata\ but we don't have any SP metadata to download and upload in configuration of Google SSO. Could you please let us know what is going wrong here ?
Hello @sanrout
This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, contact our Professional Services or engage in our QlikView Integrations forum.
All the best,
Sonja
@sanrout
Were you able to get past the choose identity provider screen you posted? I am running into the same issue