Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Feb 25, 2021 8:06:32 AM
May 12, 2016 4:15:27 AM
When trying to configure SAML authentication with Qlik Sense you may see SAML GET request invalid format or SAML POST request invalid format errors, unfortunately these errors do not indicate what is incorrect about the request.
Environments:
This needs to be exactly the same URL than the one in the Service Provider metadata, including the ending slash
For example: https://qlikserver2.domain.local:443/prefix/samlauthn/ will work but https://qlikserver2.domain.local:443/prefix/samlauthn will not work.
If that value is missing then the Invalid Format error is generated.
RelayState is optional for Identity Provider initiated authentication.
RelayState is sent as a query parameter in both the SAML Request and the SAML Response, the value in both of them must be matching for the authentication to succeed.
Make sure that the SAML assertion (section in the SAML response returned by the IdP) has some attributes included, if there are no attributes at all in the SAML assertion, then this generic error GET request invalid format will be thrown, if there is at least one attribute, the error will be more talkative about if there is another attribute missing.
Make sure that the SAML Assertion Consumer URL is all in lower case in the Identity Provider settings. If Qlik Sense is called on a URL that contains any character in upper case, it will redirect to the URL that is all in lower case, but the SAML response content will be lost during redirection, which will cause this error to appear in the logs.
For example: https://servername/prefix/samlauthn/ will work, but https://servername/PREFIX/samlauthn/ will not work.