Qlik Community

Qlik Sense Integration, Extensions, & APIs

Discussion board where members can learn more about Integration, Extensions and API’s for Qlik Sense.

echevalier
New Contributor II

SAML Authentication

Hi,

I want to use Keycloak like Identity Provider for Qlik Sense.

I configure a virtual proxy in QMC Qlik and a client in Keycloak.

When I go to https://myqlikserver.fr/keycloak/hub, I have Error 500.

Anyone knows keycloak or have already configure a SAML virtual proxy ?

I see videos from Youtube but I don't find my solution with these 2 systems.

Regards

vp-qlik.jpg

Tags (2)
6 Replies
echevalier
New Contributor II

Re: SAML Authentication

I resolve my problem, communication between Qlik and Keycloak works.

So, if y ou have same problematic, you can contact me.

Regards

aventer1
New Contributor

Re: SAML Authentication

Hi Emeline,

I am struggling to get this to work, could you share what you did?

Thanks

neo_lee
New Contributor III

Re: SAML Authentication

Keycloak exposes different XML metadata, you will need to edit the XML metadata to suit Qlik Sense format.

lee_connor
New Contributor II

Re: SAML Authentication

Hi,

I am having a similar issue with Google, it is authenticating if I am logged into Google but if not I am getting a 500 error but nothing in the logs so I am suspecting it may be the IdP format from google.

How do you get an example format of the IdP file ?

Lee

echevalier
New Contributor II

Re: SAML Authentication

Finally it was a wrong configuration into Keycloak.

IdP file looks like :

<EntityDescriptor xmlns="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://keycloak_server/auth/realms/myrealm"><IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0Smiley Tonguerotocol"><KeyDescriptor use="signing"><dsig:KeyInfo><dsig:KeyName>JkhkWVjQNl_s0-TTkaEhI2hIn37xZyFRFl0m_PqS_BM</dsig:KeyName><dsig:X509Data><dsig:X509Certificate>MIIC...X2yfdJul2FQywQ==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></KeyDescriptor><SingleLogoutService Binding="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:bindings:HTTP-POST" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleLogoutService><SingleLogoutService Binding="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleLogoutService><NameIDFormat>urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:nameid-formatSmiley Tongueersistent</NameIDFormat><NameIDFormat>urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:nameid-format:transient</NameIDFormat><NameIDFormat>urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:1.1:nameid-format:unspecified</NameIDFormat><NameIDFormat>urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:1.1:nameid-format:emailAddress</NameIDFormat><SingleSignOnService Binding="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:bindings:HTTP-POST" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleSignOnService><SingleSignOnService Binding="urnSmiley Surprisedasis:names:tcSmiley FrustratedAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak_server/auth/realms/myrealm/protocol/saml"></SingleSignOnService></IDPSSODescriptor></EntityDescriptor>

lee_connor
New Contributor II

Re: SAML Authentication

Thanks and my format looks OK, so I am not sure what is wrong with my setup now... thanks for your help anyway.

I have posted another community question asking for help with details of my setup here: https://community.qlik.com/thread/312910

Lee

Community Browser