1 Reply Latest reply: Feb 10, 2017 2:58 AM by Peter van Oers RSS

    SAML - ADFS and group info

    Peter van Oers

      At this moment our production Qlik Sense server is a AD server and I'm checking if it's possible to move it to out DMZ zone with ADFS authentication. (preventing to open up the firewall for AD integration)

       

      I've build a test enviroment with SAML - ADFS, guided by the video instructions made by Jeffrey Goldberg. Server are Windows 2012 R2 and Qlik Sense Server is 3.1.3.

       

      Everything is working, but I'm a litte bit puzzled by the group function. I'm using AD groups to authorize streams and control the token licenses. But with the ADFS there are no Groups in my QMC. There is a SAML Attribute with groups and in the Rules mapping in  ADFS there is also a group mapping.

       

      Does any one know how this functionality works? Can I expect groups in my QMC?

       

      Peter van Oers.

        • Re: SAML - ADFS and group info
          Peter van Oers

          I've upgraded the test enviroment to QS 3.2 hoping that this fixed issue would help me:

           

          ADFS as the identity provider not working with user.environment.group

          Jira issue ID: QLIK-67055

          Description: Environment attributes were not supported to give access for export, publish and

          duplicating apps.

           

          But no luck, there is no user.enviroment.group available in the security rules.