fjuken
Contributor II

SAML attribute in section access

Hi,

Configured integration from Qlik Sense on-prem towards Azure AD.
Access to QMC and Hub works fine using security rules, but when I access an app I get 'access denied'.
Based on the documentation, it should be possible to reuse the SAML 'group' attribute in the access script, right?

Please advise!

[screenshot]

[screenshot]


Accepted Solutions
fjuken
Contributor II
Author

Hi @Eugene_Sleator 

Seems like our issue is related to casing.
After adding this to the access script we managed to log in and access the app.

_sa:
LOAD Upper(ACCESS) AS ACCESS,
Upper(USERID) AS USERID,
Upper(GROUP) AS GROUP,
Upper(%SAKEY) AS %SAKEY
Inline [

Br,
Håvard Fjukstad.
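
A complete Section Access script built around the upper-casing fix in the accepted solution, as an added example that is not part of the original post. The field names follow the post; the inline rows, group names and the Sales table are constructed sample values, and it assumes the virtual proxy maps the SAML group claim to the session attribute `group`.

```qlik
// Added example, not the poster's script. All row values are constructed.
Section Access;

_sa:
LOAD Upper(ACCESS) AS ACCESS,
     Upper(USERID) AS USERID,
     Upper(GROUP)  AS GROUP,
     Upper(%SAKEY) AS %SAKEY
Inline [
ACCESS, USERID, GROUP, %SAKEY
ADMIN, INTERNAL\sa_scheduler, *, *
USER, *, Sales-Analysts, emea
USER, *, Finance-Analysts, apac
];

Section Application;

// The reduction field must exist in the data model under the same
// upper-case name, and its values must be upper case as well, or the
// reduction matches nothing and the user is denied access.
Sales:
LOAD Upper(Region) AS %SAKEY,
     Region,
     Amount
Inline [
Region, Amount
emea, 100
apac, 200
];
```

The `INTERNAL\SA_SCHEDULER` row keeps scheduled reloads working, and a `*` in the reduction field means every value listed in the access table, not every value in the data. Test on a copy of the app, since a script that matches no row for your own account locks you out of it.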


4 Replies
Eugene_Sleator
Support

Hi @fjuken, in order for this to work you need to include the Group attribute in the Virtual Proxy. Please refer to these Qlik articles for an explanation:

Qlik Sense: Section Access not working with SAML attributes 

User-Environment-What-Session-Attributes-in-Qlik-Sense 

Section-Access-User-Attributes 

Hope this helps

 

fjuken
Contributor II
Author

Thanks for the reply, @Eugene_Sleator!

We've configured the following on the virtual proxy (we're sending group objects from Azure AD as attribute 'group'):

[screenshot]

Using this proxy for access to QMC and Hub works as expected, but when we try to access apps we get 'Access Denied'.

[screenshot]

We tried different combinations of adding this to the access script, as you see an example of in the post, both linking to the group attribute and the username of the SAML authenticated user ++ but we're not able to get access to the app using SAML authentication.

Br,

Håvard Fjukstad.

 

 

Eugene_Sleator
Support

Hi @fjuken can you try with the "SAML attribute" set to groups NOT group 
