Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Highlighted
Luminary
Luminary

saml

Hi,

Did anyone have experience installing Qlik Sense SAML on Azure with Azure's AD?

I've been able to connect it to the Domain, local user via a virtual proxy. This all works.

But can't get SAML to work.

2016-05-26_21-02-12.png

Did someone create a walkthrough where I should get the details on how to do this?

Qlik's online help was not so straightforward.

Kind Regards,

Dion

Tags (2)
1 Solution

Accepted Solutions
MVP & Luminary
MVP & Luminary

Re: saml

5 Replies
MVP & Luminary
MVP & Luminary

Re: saml

opensteps
New Contributor II

Re: saml

Hi Dion.

I've a working Azure AD Virtual Proxy setup. If you need help, my email is in my profile.

- Egbert

Partner
Partner

Re: saml

Hi Egbert,

Sounds interesting - I have been browsing a bit and could not find any detailed information (step by step) on what to do in order to authenticate against an Azure AD - do you have any information you can share?

opensteps
New Contributor II

Re: saml

Steps in QMC:

- Create new Virtual Proxy

Identification

Name: Azure
Prefix: azure
Session inactivy timeout: 30
Session cookiename: X-Qlik-Session-Azure

Authentication

Anonymous access mode: No anonymous user

Authentication method: SAML

SAML Host URI: https://your-qliksense-server.domain.tld/

SAML Entity Id: https://your-qliksense-server.domain.tld/azure/

SAML IdP Metadata: (comes next, after creating application in Azure AD)

SAML attribute for user ID: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

SAML attribute for user directory: [Azure]

SAML signing algorithm: SHA-1

Load balancing

Add your Proxy here.

Steps in Azure:

- Login to Azure old portal at https://manage.windowsazure.com/

- Navigate to your Azure Active Directory, select Applications

- Add an application. Choose "Add an application my organization is developing".

- Give it a name, choose "WEB APPLICATION AND/OR WEB API".

- Sign-on url: https://your-qliksense-server.domain.tld/azure/, app id uri can be the same uri.

- Configure application, add Reply URL https://your-qliksense-server.domain.tld/azure/samlauthn/

- Click View endpoints in the bar on the bottom.

- Navigate to your FEDERATION METADATA DOCUMENT Url, e.g. https://login.microsoftonline.com/<your-tenant-id>/federationmetadata/2007-06/federationmetadata.xml. Download that document to your computer.

Step back in QMC:

- Upload metadata XML in your Virtual Proxy, field SAML IdP Metadata.

Navigate in a new private window of your browser to https://your-qliksense-server.domain.tld/azure/. You should be redirected to https://login.microsoftonline.com/<your-tenant-id>/saml2?<long-querystring>. After entering your Azure credentials here you should be redirected back to Qlik Sense. You might get a QS access error (the nice one) due to a missing license. The user should be visible in QMC.

Not applicable

Re: saml

Hello Egbert,

Do you still have a working Azure AD Virtual Proxy setup? I am interested to see your settings. I am getting the same error message.