Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.
Did anyone have experience installing Qlik Sense SAML on Azure with Azure's AD?
I've been able to connect it to the Domain, local user via a virtual proxy. This all works.
But can't get SAML to work.
Did someone create a walkthrough where I should get the details on how to do this?
Qlik's online help was not so straightforward.
Here are various postings to this topic: https://community.qlik.com/search.jspa?q=error+500
View solution in original post
I've a working Azure AD Virtual Proxy setup. If you need help, my email is in my profile.
Sounds interesting - I have been browsing a bit and could not find any detailed information (step by step) on what to do in order to authenticate against an Azure AD - do you have any information you can share?
Steps in QMC:
- Create new Virtual Proxy
Name: AzurePrefix: azureSession inactivy timeout: 30Session cookiename: X-Qlik-Session-Azure
Anonymous access mode: No anonymous user
Authentication method: SAML
SAML Host URI: https://your-qliksense-server.domain.tld/
SAML Entity Id: https://your-qliksense-server.domain.tld/azure/
SAML IdP Metadata: (comes next, after creating application in Azure AD)
SAML attribute for user ID: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
SAML attribute for user directory: [Azure]
SAML signing algorithm: SHA-1
Add your Proxy here.
Steps in Azure:
- Login to Azure old portal at https://manage.windowsazure.com/
- Navigate to your Azure Active Directory, select Applications
- Add an application. Choose "Add an application my organization is developing".
- Give it a name, choose "WEB APPLICATION AND/OR WEB API".
- Sign-on url: https://your-qliksense-server.domain.tld/azure/, app id uri can be the same uri.
- Configure application, add Reply URL https://your-qliksense-server.domain.tld/azure/samlauthn/
- Click View endpoints in the bar on the bottom.
- Navigate to your FEDERATION METADATA DOCUMENT Url, e.g. https://login.microsoftonline.com/<your-tenant-id>/federationmetadata/2007-06/federationmetadata.xml. Download that document to your computer.
Step back in QMC:
- Upload metadata XML in your Virtual Proxy, field SAML IdP Metadata.
Navigate in a new private window of your browser to https://your-qliksense-server.domain.tld/azure/. You should be redirected to https://login.microsoftonline.com/<your-tenant-id>/saml2?<long-querystring>. After entering your Azure credentials here you should be redirected back to Qlik Sense. You might get a QS access error (the nice one) due to a missing license. The user should be visible in QMC.
Do you still have a working Azure AD Virtual Proxy setup? I am interested to see your settings. I am getting the same error message.