I wonder if Allow anonymous user is tripping it up. What happens if you set to no anonymous users? In addition, have you set up PF with the SP metadata from Qlik Sense?
And to clarify, the userid attribute should be the attribute name or the schema reference url, and the user directory if static uses square brackets and not curly braces.
Do i need do the same for the SAML attribute mapping. Brackets for both SAML and QlikSense attributes
SAML Attribute mapping
SAML attribute QlikSense Attribute
If they are static (meaning that you aren't using an OID or schema definition) you need the brackets. The SAML attribute and the Qlik Sense attribute do not need to have the same name.
When i try the url servername/hub/saml .it redirects to windows authentication. If i try with servername/prefix i am getting the error as No available qliksense engine was found refresh your browser or contact your administrator.
Is there any port has to changed or any log files. how to look for request and response flow. I tried with fiddler didnt get anything.
ok, so with all virtual proxies (ticketing, header, session, or SAML) the prefix is mandatory or you are going to go the central proxy virtual proxy which is going to pop up windows authentication. So you do need to do this:
Logs are located in c:\programdata\qlik\sense\logs\proxy\trace and the audit proxy log.
servername/hub/saml is not valid.
Try the servername/virtualproxy/hub and see if you get redirected to PF. Check the logs and if you want attach them here and I can take a look.
Is there any way i can send the log only to you?
I am trying to SAML-authenticate Qlik Sense with Google as my identity provider and have followed the instructional video and your instructions from this thread. The error I am getting is "The user cannot be authenticated by the SAML response through the following proxy: QlikSense"
QlikSense is my virtual proxy. Here's the configuration
I have integrated SAML with 1 proxy node for PF IDP which works fine. Now I have added one more proxy node and I have linked the same node in SAML virtual proxy. When I try to access https://localhost/saml/hub I get below error.
Do I need to anything on top of this?
Thanks for your help in advance.
Immediately after seeing this error, look at the log file ????_audit_proxy.txt (found under
c:\programdata\qlik\sense\logs\proxy\trace\) and check the last few entries.
The log file will tell you why the authentication is failing. It could be your ID provider rejecting the request. Find out if something was changed in your ID provider side. If you have changed/updated your security certificate recently, you may have to send your metadata again to the ID provider and get it imported there.
This document was generated from the following discussion: QlikSense SAML