Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
fabio_hora
Partner - Contributor II
Partner - Contributor II

Qlik Sense ADFS SSO

Hi,

I already followed the three videos jog‌  posted and it covers almost all the case except when working with certificates from trusted root authority. What changes when using this instead or Qlik Sense certs? Do I need specific type of certificate or wildcard works?

Thanks,

Fabio

1 Solution

Accepted Solutions
Not applicable

Fabio,

So from a Qlik Sense perspective, you can use a named ssl cert for the Qlik Sense server or a wildcard cert.  The key piece is after you add the certificate to the Windows server and the thumbprint to Qlik Sense proxy, you have to regenerate the SP metadata from the virtual proxies page if you have already created the adfs virtual proxy.

Then when you upload SP metadata to ADFS the certificate will be part of the information imported.

As for the token signing and other certs for ADFS, those actually do not need to change, or can be set to certificates generated for ADFS.  While the video shows changing them, it is not necessary.  The problem with the default ADFS certs is that they expire after one year.  The Qlik Sense certs have a longer lifespan, that's one of the reasons why the video uses them.

Hope this helps.

Jeff G

View solution in original post

3 Replies
Not applicable

Fabio,

So from a Qlik Sense perspective, you can use a named ssl cert for the Qlik Sense server or a wildcard cert.  The key piece is after you add the certificate to the Windows server and the thumbprint to Qlik Sense proxy, you have to regenerate the SP metadata from the virtual proxies page if you have already created the adfs virtual proxy.

Then when you upload SP metadata to ADFS the certificate will be part of the information imported.

As for the token signing and other certs for ADFS, those actually do not need to change, or can be set to certificates generated for ADFS.  While the video shows changing them, it is not necessary.  The problem with the default ADFS certs is that they expire after one year.  The Qlik Sense certs have a longer lifespan, that's one of the reasons why the video uses them.

Hope this helps.

Jeff G

Anonymous
Not applicable

Hi Jeff,

I know this is an old post but i have a related query.

If i have done no Configuration and starting from scratch, than i dont need to change the procedure shown in those 3 videos. Just instead of QS self Sign Cert i can use Trusted Cert and everything else remain the same, please correct me if wrong.

Regards,

Anwar

Anonymous
Not applicable

jog

Any Inputs on the above, Also how does the URL change with using Trusted cert? how does a user navigate to the Hub?

Regards,

Anwar