Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
Eva_B
Employee
Employee
‎2019-09-05 11:39 AM

Qlik NPrinting Integration with SAML

Hello Qlik NPrinting World!!

 

Last time I talked about Qlik NPrinting connections, but now we are going to delve into integrating Qlik NPrinting with SAML!

 

Topics:

  1. What is SAML?
  2. IdP versus SP Initiated SAML
  3. Requirements 
  4. Limitations
  5. Configuration

 

What is SAML?

SAML or Security Assertion Markup Language is a form of Single Sign On. It allows the end users to login to the Qlik NPrinting WebConsole and/or NewsStand with the click of a button.

2019-09-05 10_55_14-Window.png

 IdP versus SP Initiated SAML:

IdP (Identity Provider) Initiated SAML starts at the Identity Provider URL such as Okta, PingIdentity, ADFS and then redirects the user to the Service Provider URL, Qlik NPrinting.

SP (Service Provider) Initiated SAML starts at the Service Provider URL, Qlik NPrinting, then redirects the user to the IdP for Authentication, and then redirects back to the Service Provider URL.

 

IdP.png

 

Requirements:

  • An installed and licensed version of Qlik NPrinting Server April 2018 or newer
  • Administrative Accounts for both Qlik NPrinting and the Identity Provider

 

Limitations:

Deploying Qlik NPrinting SAML

  • Qlik NPrinting does not sign the SAML authentication request. This means that identity providers that require the SAML authentication request to be signed are not supported.
  • SAML response encryption is not supported, so encrypted messages or attributes are not read by Qlik NPrinting.
  • SAML single logout is not supported.

 

Configuration:

I worked with the Education Team to help create a "Qlik Fix" video. The video is found here:

It will take you through the configuration steps to integrate Qlik NPrinting with SAML, in the video we are using Okta as our Identity Provider.

To summarize the video:

First enable SAML in Qlik NPrinting:

  1. Log into the Qlik NPrinting WebConsole with an Administrative User
  2. Click on Admin and choose Settings
  3. Select the SAML button
  4. Click Add Configuration
  5. Add a name for this configuration
  6. Insert your FQDN for the Service Provider URL with the appropriate port number.                                                     Example: https://QlikNPrintingServer.com:4993
    1. 4993 = WebConsole
    2. 4994 = NewsStand
  7. Enter an Entity ID
  8. Select the Authenticate user by email option and enter the attribute for email. 

  9.  Click Save

  10. Open the SAML page again and download the SP Metadata. This will be our "cheat sheet" for setting up the Identity Provider.

Second setup your Okta Configuration:

  1. Log into Okta with an Administrative User
  2. Click the Admin button
  3. Click Add Applications
  4. Create New App
  5. Choose the Web Platform and SAML 2.0 for the Sign On Method
  6. Click Create
  7. Choose an App Name
  8. Click Next
  9. Enter the Single Sign On URL. This is the same URL that appears in the SP Metadata that was downloaded earlier. The URL will be in the Location setting. Do not enter any quotes.
  10. Enter the Audience URI (SP Entity ID) this is the Entity ID you setup in Qlik NPrinting. The Entity ID will also be in the SP metadata file that was downloaded earlier. It will be in the entityID setting. Do not enter any quotes.
  11. The Default RelayState should remain empty
  12. The Name ID Format is always Transient. This would match the SP Metadata file that was downloaded earlier from Qlik NPrinting.
  13. Application username is Okta username
  14. Enter any Attributes and Group Attribute statements2019-09-05 11_25_23-Window.png

  15. Click Finish

  16. On the Sign On screen right click on the Identity Provider Metadata and choose "Save Link As" ensure you save the file with a .xml file extension

  17. Return to the Qlik NPrinting WebConsole - Admin - Settings - SAML Settings

  18. Open the SAML page again by selecting the appropriate name

  19. Browse for the IdP xml Metadata file previously downloaded from the Okta site

  20. Click Save

  21. Navigate back to the Okta Admin page and choose the Assignment tab

  22. Choose the necessary users that need access to the Qlik NPrinting WebConsole 

Testing:

  1. Open the Qlik NPrinting WebConsole
  2. Choose the OktaWebConsole button at the login screen 2019-09-05 11_36_21-Window.png
  3. You will be redirected to Okta, enter your credentials
  4. You will be redirected to the Qlik NPrinting WebConsole

 

Congratulations!! The SAML Authentication should now be setup between Qlik NPrinting WebConsole and Okta. ✔️

A step-by-step guide is found in our Knowledge Article: Qlik NPrinting SAML Authentication with Okta

 

Are there any other Identity Providers that you would like to see added to our Knowledge? Recently I configured Qlik NPrinting with PingOne PingIdentity. That article is found here: Qlik NPrinting SAML Authentication with PingOne PingIdentity

 

Please let me know in the comments!

5,859 Views
7 Comments
Subscribe by Topic