ol00681110
Contributor

SAML authentication does not redirect back to IDP

Hi,

There is an integration between Qlik and an Identity Access Management (IDAM) portal in my environment.

My users will log in to the IDAM portal and select the Qlik option to access the Qlik portal.

IDAM connects to Qlik via SAML authentication.

Logging in to Qlik via SAML is not a problem; however, if we log out from Qlik and refresh the Qlik page, we are unable to get back into the Qlik page and see a 500 internal server error.

Based on my understanding of SAML authentication, even if I logged out from Qlik, I should still be able to get back into the Qlik session as my SAML session should still be on.

May I know what configuration is not done correctly?

Attached is a screenshot of the error.

1 Reply
Damien_Villaret
Support

Hello @ol00681110 ,

This suggests that your Qlik Sense certificate may not have the correct certificate Cryptographic provider for SAML. This is only needed if you first go to Qlik Sense and it redirects to your IdP (SP-initiated flow).

https://community.qlik.com/t5/Knowledge/SHA-256-and-Converting-the-Cryptographic-Service-Provider-Ty...

For "Users go to the IDAM portal and select the Qlik option to access the Qlik portal", this is an IdP-initiated flow, so it will work even if the Qlik Sense certificate doesn't have the correct Cryptographic provider, as Qlik Sense doesn't need to sign anything in that use case.

If your Qlik Sense session is logged out but your IdP session is still alive, Qlik Sense will have to initiate an SP-initiated flow to log you back in.

Best regards,

If the issue is solved please mark the answer with Accept as Solution.
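
One way to check the point made in the reply above, as an added example that is not part of the original thread and is not Qlik tooling: the script reports the cryptographic provider behind each certificate in the machine store and tries an RSA-SHA256 signature with it, which is the operation an SP-initiated flow needs. It assumes an elevated Windows PowerShell 5.1 session on the Qlik Sense server; the thread does not say which certificate Qlik Sense uses, so every certificate with a private key is listed.

```powershell
# Added example. Lists certificates in LocalMachine\My that have a private key,
# shows the CSP behind each key, and tests whether the key can sign with SHA-256.
# Windows CSP type 24 (PROV_RSA_AES) supports SHA-256; types 1 (PROV_RSA_FULL)
# and 12 (PROV_RSA_SCHANNEL) do not and fail with "Invalid algorithm specified".

$probe = [System.Text.Encoding]::UTF8.GetBytes('saml-signing-probe')  # constructed test data

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object {
        $cert = $_
        $row = [ordered]@{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            Provider     = $null
            ProviderType = $null
            Sha256Sign   = $null
        }

        # Keys stored in a CNG provider cannot be opened through this legacy
        # property on .NET Framework; report that instead of a false failure.
        try   { $key = $cert.PrivateKey }
        catch { $key = $null; $row.Sha256Sign = "Key not readable via CAPI: $($_.Exception.Message)" }

        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $info             = $key.CspKeyContainerInfo
            $row.Provider     = $info.ProviderName
            $row.ProviderType = $info.ProviderType
            try {
                # The signature over the probe bytes is discarded; only success matters.
                [void]$key.SignData($probe, 'SHA256')
                $row.Sha256Sign = 'OK'
            } catch {
                $row.Sha256Sign = "FAILED: $($_.Exception.Message)"
            }
        } elseif ($null -eq $row.Sha256Sign) {
            $row.Sha256Sign = 'Not a CAPI RSA key; not checked'
        }

        [pscustomobject]$row
    } | Format-List
```

A certificate that shows `FAILED` here logs in fine through the IdP-initiated path and breaks only when Qlik Sense has to sign a request itself, which matches the symptom in the question.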