Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
manish_2991
Contributor III
Contributor III
‎2022-09-20 01:48 AM

SSO in Qliksense

Hi 

We are implementing SSO in qliksense with IDAM of Microfocus. We have created the virtual proxy as required and uploaded the IDP metadata and shared the SP metadata with the IDAM.

But whenever we are trying to log in to qliksense through our SSo, then it's not opening the page rather it's showing error 'Unable to complete request at this time. (Request was from an untrusted provider-95241285D8958F10)'. After discussing the same with IDAM team they are saying that Qliksense is not supporting SP initiated SSO, it's working on IDP initiated SSO.

Is there any case that qliksense doesn't support SP initiated SSO?

We are using Qliksense Nov 2021 version. 

Please guide.

Labels (1)
Labels
551 Views
0 Likes
3 Replies
Damien_Villaret
Support
Support
‎2022-09-20 04:25 AM

Hello @manish_2991 

That is SAML authentication, right?

Qlik Sense DOES support SP-initiated SSO.

From the error message, "Request was from an untrusted provider-95241285D8958F10" it rather looks like IDAM fails to validate the signature on the SAML AuthnRequest, maybe because it's using a self-signed certificate ?

You can replace your certificate by a certificate of your choice if you wish:

https://community.qlik.com/t5/Knowledge/How-to-change-the-certificate-used-by-the-Qlik-Sense-Proxy-t...

But keep in mind that it needs to have the cryptographic provider Microsoft Enhanced RSA and AES Cryptographic Provider if you wish to use SHA-256

https://community.qlik.com/t5/Knowledge/SHA-256-and-Converting-the-Cryptographic-Service-Provider-Ty...

 

Hope that helps.

Best regards,

If the issue is solved please mark the answer with Accept as Solution.
530 Views
0 Likes
manish_2991
Contributor III
Contributor III
‎2022-09-21 01:08 AM
Author

Hi Damien 

Thanks for your revert.

On further investigating the issue we discovered that there was some issue at IDAM end only. They were not able to read the SP metadata properly. Now it's working with Self signed certificate only.

But now when we are trying with third party wildcard certificate we are getting issue in IDAM. Whenever they import the SP metadata having the wildcard certificate details they are unable to upload and it gives the attached error. Also when they try to import the certificates directly from IDAM by connecting Qliksense server (using IP& port - 100.0.0.100:443)it shows an error that Root certificate is not found on the server. (attached screenshot of the same).

Please guide what could be the issue?

Preview file
32 KB
Preview file
51 KB
523 Views
0 Likes
Damien_Villaret
Support
Support
‎2022-09-26 01:22 AM

Hello @manish_2991 

Was that certificate generated by a public Certificate authority such as VeriSign or similar, or generated by yourself?

Based on the error, it looks you would need to import the Certificate authority certificate of that certificate to IDAM so that it can trust it.

Best regards,

If the issue is solved please mark the answer with Accept as Solution.
494 Views
0 Likes