Re: SAML Authentication - Qlik Community

Anonymous · ‎2018-02-05

Hi,

I want to use Keycloak like Identity Provider for Qlik Sense.

I configure a virtual proxy in QMC Qlik and a client in Keycloak.

When I go to https://myqlikserver.fr/keycloak/hub, I have Error 500.

Anyone knows keycloak or have already configure a SAML virtual proxy ?

I see videos from Youtube but I don't find my solution with these 2 systems.

Regards

Anonymous · ‎2018-02-12

I resolve my problem, communication between Qlik and Keycloak works.

So, if y ou have same problematic, you can contact me.

Regards

Anonymous · ‎2018-05-11

Hi Emeline,

I am struggling to get this to work, could you share what you did?

Thanks

neo_lee · ‎2018-06-21

Keycloak exposes different XML metadata, you will need to edit the XML metadata to suit Qlik Sense format.

lee_connor · ‎2018-09-04

Hi,

I am having a similar issue with Google, it is authenticating if I am logged into Google but if not I am getting a 500 error but nothing in the logs so I am suspecting it may be the IdP format from google.

How do you get an example format of the IdP file ?

Lee

Anonymous · ‎2018-09-04

Finally it was a wrong configuration into Keycloak.

IdP file looks like :

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://keycloak_server/auth/realms/myrealm"><IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><KeyDescriptor use="signing"><dsig:KeyInfo><dsig:KeyName>JkhkWVjQNl_s0-TTkaEhI2hIn37xZyFRFl0m_PqS_BM</dsig:KeyName><dsig:X509Data><dsig:X509Certificate>MIIC...X2yfdJul2FQywQ==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></KeyDescriptor><SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleLogoutService><SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleLogoutService><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleSignOnService><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleSignOnService></IDPSSODescriptor></EntityDescriptor>

lee_connor · ‎2018-09-05

Thanks and my format looks OK, so I am not sure what is wrong with my setup now... thanks for your help anyway.

I have posted another community question asking for help with details of my setup here: https://community.qlik.com/thread/312910

Lee

binujose1982 · ‎2019-05-28

Hi,

I am using OAM as service provide,

I uploaded the idp metadata to the virtual proxy and SP metadata to the service provider.

Unfortunately, I am getting Qliksense 500 Internal Server error.

I am using https://[domain]/[Virtual Proxy prefix]/hub URL.

Could you please help me on this?

Thanks,

Binu

StevenJDH · ‎2019-05-30

Error 500 usually means there is a configuration issue associated with Qlik Sense, but usually external to Qlik Sense. Have a look at this article to see if it helps https://support.qlik.com/articles/000041560

czoeller · ‎2019-06-27

Hi,

I have the same problem. Can you tell me how you resolved it ?

Regards