Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Qlik Sense ADFS - Invalid metadata file

Dear all,

I am trying to integrate Sense with ADFS following instructions from Jeffrey Goldberg's videoQlik Sense SAML: ADFS Integration Part Two of Three

Initial configuration on ADFS side has been done, the Virtual Proxy has been created, but when I try to upload the ADFS metadata XML file, it's not being accepted. Here is what happens:

If I upload the original xml without removing anything I get the following errors:

  1. This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:ApplicationServiceType' (this appears in RoleDescriptor)
  2. This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType' (this appears in RoleDescriptor)
  3. The element 'Organization' in namespace 'urn:oasis:names:tc:SAML:2.0:metadata' has incomplete content. List of possible elements expected: OrganizationName, OrganizationDisplayName'

- If I remove RoleDescriptor (as per instructions of QlikSense SAML integration, this needs to be removed), I get the following error:  The element 'EntityDescriptor' in namespace 'urn:oasis:names:tc:SAML:2.0:metadata' has invalid child element 'Organization'. List of possible elements expected: 'Extensions, RoleDescriptor, IDPSSODescriptor, SPSSODescriptor, AuthnAutorityDescriptor, PDPDescriptor, AffilliationDescriptor'

I really think the problem is not related to the Organization element, but the fact that it expects one of the above mentioned descriptors first; but instead, it encounters the Organization element thus why throwing this error. To be more precise, I think it expects to find the SPSSODescriptor. Looking at the video tutorial, one can see that the SPSSODescriptor exists and is right after the RoleDescriptor. However in our xml file it's missing completely.

I have attached the original metadata file (after removing sensitive data).

Kindly let me know if you know what the problem might be and how I can get it sorted. Any advise will be much appreciated!

P.S. We are on version 3.1.4, with Shared Persistence.

Kind regards,

Mihai

1 Solution

Accepted Solutions
Not applicable
Author

A metadata file has been manually created. It was accepted by Qlik Sense.

View solution in original post

3 Replies
Not applicable
Author

jog‌ - Can you kindly advise?

Not applicable
Author

A metadata file has been manually created. It was accepted by Qlik Sense.

StevenJDH
Employee
Employee

As strange as these errors might be when importing the metadata, they are probably one of the most useful once you understand what it is trying to say compared to other errors in general. What is happening is that Qlik Sense is validating the metadata file to check for any invalid entries. Different Identity Providers will sometimes include extra information that might conflict with what Qlik Sense expects and what is not needed. I recently solved one case where 90% of the content was removed because it was not needed or invalid, and therefore, it would not import.

Long story short, to solve this specific issue, read what the error message says and remove that entry that is mentioned. It may specify more than one entry at the same time or it may specify additional entries after you correct the first ones mentioned, this is normal, and it means you are making progress. Once validation makes it through the entire file without an issue, it will import. Just remember to remove from the start of that entry to where it ends, which will have the slash in front.

Generally, you will have two types of errors, the first is the entry that is invalid and that you have to remove, and the second is a child entry of the entry that is mentioned. This last one is just Qlik Sense's way of telling you exactly where to find that child entry. In the case of the sample error you provided, it is saying that you have to remove the entire ApplicationServiceType and SecurityTokenServiceType entries as well as the child entry 'Organization' that can be found inside the 'EntityDescriptor' entry but don't remove the 'EntityDescriptor' entry. The expectations at the end of the error can just be ignored as this is just technical information for anyone trying to develop a metadata file to this specification. The last case I worked on was a metadata file from IDAM, which had these same entries that had to be removed plus others.