I am trying to integrate Sense with ADFS following instructions from Jeffrey Goldberg's video, "Qlik Sense SAML: ADFS Integration Part Two of Three".
Initial configuration on ADFS side has been done, the Virtual Proxy has been created, but when I try to upload the ADFS metadata XML file, it's not being accepted. Here is what happens:
If I upload the original xml without removing anything I get the following errors:
- This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:ApplicationServiceType' (this appears in RoleDescriptor)
- This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType' (this appears in RoleDescriptor)
- The element 'Organization' in namespace 'urn:oasis:names:tc:SAML:2.0:metadata' has incomplete content. List of possible elements expected: OrganizationName, OrganizationDisplayName'
If I remove RoleDescriptor (as per instructions of QlikSense SAML integration, this needs to be removed), I get the following error: The element 'EntityDescriptor' in namespace 'urn:oasis:names:tc:SAML:2.0:metadata' has invalid child element 'Organization'. List of possible elements expected: 'Extensions, RoleDescriptor, IDPSSODescriptor, SPSSODescriptor, AuthnAutorityDescriptor, PDPDescriptor, AffilliationDescriptor'
I really think the problem is not related to the Organization element, but to the fact that it expects one of the above-mentioned descriptors first; instead, it encounters the Organization element, which is why it throws this error. To be more precise, I think it expects to find the SPSSODescriptor. Looking at the video tutorial, one can see that the SPSSODescriptor exists and is right after the RoleDescriptor. However, in our XML file it's missing completely.
I have attached the original metadata file (after removing sensitive data).
Kindly let me know if you know what the problem might be and how I can get it sorted. Any advice will be much appreciated!
P.S. We are on version 3.1.4, with Shared Persistence.
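
The following is an added diagnostic example, not part of the original post and not Qlik or ADFS tooling. It lists the children of `EntityDescriptor` in document order and reports the three conditions the validator complained about, before and after dropping `RoleDescriptor`. The sample document, its `entityID` and the function name `inspect_metadata` are constructed for illustration; the ordering rule (at least one descriptor element before `Organization`) and the required `Organization` children are taken from the SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Elements the schema accepts in the descriptor slot of EntityDescriptor.
DESCRIPTORS = {"RoleDescriptor", "IDPSSODescriptor", "SPSSODescriptor",
               "AuthnAuthorityDescriptor", "AttributeAuthorityDescriptor",
               "PDPDescriptor", "AffiliationDescriptor"}
ORG_REQUIRED = ("OrganizationName", "OrganizationDisplayName", "OrganizationURL")

# Constructed sample (not the poster's file): WS-Federation RoleDescriptors only,
# an empty Organization, and no IDPSSODescriptor or SPSSODescriptor.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    entityID="http://adfs.example.test/adfs/services/trust">
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <Organization/>
</EntityDescriptor>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def inspect_metadata(xml_text, drop_role_descriptor=False):
    """Return (child element names in order, list of findings)."""
    root = ET.fromstring(xml_text)
    children = [c for c in root if c.tag.startswith("{" + MD + "}")]
    if drop_role_descriptor:  # simulate the manual edit described in the post
        children = [c for c in children if local(c.tag) != "RoleDescriptor"]
    names = [local(c.tag) for c in children]
    findings = []
    for c in children:
        if local(c.tag) == "RoleDescriptor":
            findings.append("RoleDescriptor xsi:type=" + c.get("{%s}type" % XSI, "?"))
        if local(c.tag) == "Organization":
            missing = [n for n in ORG_REQUIRED if c.find("{%s}%s" % (MD, n)) is None]
            if missing:
                findings.append("Organization missing: " + ", ".join(missing))
    if not DESCRIPTORS & set(names):
        findings.append("no descriptor element before " + (names[0] if names else "end"))
    return names, findings

if __name__ == "__main__":
    for drop in (False, True):
        print("RoleDescriptor dropped:", drop, *inspect_metadata(SAMPLE, drop))
```

Pointing `inspect_metadata` at the text of an exported federation metadata file shows whether any SAML descriptor would remain once the WS-Federation `RoleDescriptor` elements are removed.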