Qlik Community

Qlik Sense Enterprise Documents

Documents for Qlik Sense related information.

QlikSense SAML

Contributor III

QlikSense SAML

I have configured the SAML as suggested in the documentation. And when i tried to access the Qlik Sense URL with SAML as suggested in the documentation


the URL is getting redirected to the windows authentication like this https://serverSmiley Tongueort/windows_authentication/?targetId=11234 

and prompting for windows authentication. And it works fine.

(a) How to validate it is authenticated through SAML. Is there any logs associated with it ? Is it expected to prompt for windows authentication and validated through SAML.

Is there any specific setting has to be changed or additional coding required apart from the QMC settings


No, you shouldn't be redirected to a windows auth through the browser.  How are you configuring SAML?  Put another way, what identity management solution are you using as an identity provider?

Can you send a screen shot of your virtual proxy configuration?


It is ping federate

Virtual proxy configuration as follows


Description: SSO integration

Prefix : SSO

Session inactivity Timeout(Minutes) :30

Session Cookie header name : X-SSO-Session


Anonymous access mode: Allow anonymous user

Authentication method: SAML

SAML host URI : https://a1234d.abc.com

(--------------https://a1234d.abc.com/qmc/ and https://a1234d.abc.com/hub---------------)

SAML entitity Id : ssoqliksense

SAML Medtadata Idp : uploaded the metadata

SAML attribute for userid : {id }

SAML attribute for user active-directory:{id}

And linked to default proxy. Let me know if you need any additional information

Ok, have you configured a virtual proxy in Qlik Sense to talk to PingFederate with PFs idp metadata and then performed similar configuration on PF with Qlik Sense SP metadata?

For example, here is a screenshot of my SAML config for Salesforce on my Qlik Sense server.

2015-08-05 18_25_10-Virtual proxy edit - QMC.png

See the  SAML Metadata IdP?  Have you uploaded the PF metadata there?

For config examples, here is a set of videos for Salesforce and ADFS

I wonder if Allow anonymous user is tripping it up.  What happens if you set to no anonymous users?  In addition, have you set up PF with the SP metadata from Qlik Sense?

And to clarify, the userid attribute should be the attribute name or the schema reference url, and the user directory if static uses square brackets and not curly braces.


Thanks Jg

Do i need do the same for the SAML attribute mapping. Brackets for both SAML and QlikSense attributes

SAML Attribute mapping

SAML attribute  QlikSense Attribute

[id]                     [id]

If they are static (meaning that you aren't using an OID or schema definition) you need the brackets.  The SAML attribute and the Qlik Sense attribute do not need to have the same name.


Thanks jg

When i try the url servername/hub/saml .it redirects to windows authentication. If i try with servername/prefix i am getting the error as No available qliksense engine was found refresh your browser or contact your administrator.

Is there any port has to changed or any log files. how to look for request and response flow. I tried with fiddler didnt get anything.

ok, so with all virtual proxies (ticketing, header, session, or SAML) the prefix is mandatory or you are going to go the central proxy virtual proxy which is going to pop up windows authentication.  So you do need to do this:


As for ports, no ports should have to change.

Logs are located in c:\programdata\qlik\sense\logs\proxy\trace and the audit proxy log.

servername/hub/saml is not valid.

Try the servername/virtualproxy/hub and see if you get redirected to PF.  Check the logs and if you want attach them here and I can take a look.


Is there any way i can send the log only to you?


I am trying to SAML-authenticate Qlik Sense with Google as my identity provider and have followed the instructional video and your instructions from this thread. The error I am getting is "The user cannot be authenticated by the SAML response through the following proxy: QlikSense"

QlikSense is my virtual proxy. Here's the configuration


Description: SSSO authentication with Google

Prefix : sso

Session inactivity Timeout(Minutes) :30

Session Cookie header name : X-Qlik-Session-SSO


Anonymous access mode: No anonymous user

Authentication method: SAML

SAML host URI : https://testdashboard.irri.org

SAML entitity Id : sso

SAML Medtadata Idp : uploaded the metadata in QMC

SAML attribute for userid : email

SAML attribute for user active-directory: [GOOGLE]

have linked to default proxy Central.

The link https://testdashboard.irri.org/sso produce the error i mentioned above. The Google part seemed to be working as it passes through Google authentication:

Google login window:

Screen Shot 2016-06-15 at 9.54.43 AM.png

2 factor authentication

Screen Shot 2016-06-15 at 9.54.29 AM.png

then the error in Qlik

Screen Shot 2016-06-15 at 9.55.04 AM.png

Any idea where to look at to fix this?



I figured it out and it's working like a charm!

Anyone who wants to implement the same in their organization, send me an email.




Hi All,

I have integrated SAML with 1 proxy node for PF IDP which works fine. Now I have added one more proxy node and I have linked the same node in SAML virtual proxy. When I try to access https://localhost/saml/hub I get below error.

Do I need to anything on top of this?

Thanks for your help in advance.

Please help!!

Immediately after seeing this error, look at the log file ????_audit_proxy.txt (found under

c:\programdata\qlik\sense\logs\proxy\trace\) and check the last few entries.

The log file will tell you why the authentication is failing. It could be your ID provider rejecting the request. Find out if something was changed in your ID provider side. If you have changed/updated your security certificate recently, you may have to send your metadata again to the ID provider and get it imported there.

This document was generated from the following discussion: QlikSense SAML

Version history
Revision #:
1 of 1
Last update:
‎02-01-2017 12:49 PM
Updated by: