Skip to main content

Using Auth0 as an IdP for Qlik Sense Enterprise on Kubernetes

ON THIS PAGE

Using Auth0 as an IdP for Qlik Sense Enterprise on Kubernetes

You can use Auth0 as an identity provider for logging into a Qlik Sense Enterprise on Kubernetes (QSEoK) tenant and also for interacting with the tenant programmatically.

Connecting QSEoK with Auth0

Before you start, make sure you have the following:

  • Auth0 account

  • Auth0 tenant

  • Auth0 app, configured with interactive login and programmatic access

  • Configuration settings from your Auth0 application: discoveryUrl, clientId, and clientSecret

Note: Many of the code examples contain placeholder values that need to be replaced by your own values.

You provide configuration to QSEoK by using a values.yml file. The values.yml file should look like the following example:

devMode:
  enabled: true

engine:
  acceptEULA: "yes"

identity-providers:
  secrets:
    idpConfigs:
      - discoveryUrl: "<OpenID Configuration from Application>"
        clientId: "<Client ID from Application>"
        clientSecret : "<Client Secret from Application>"
        realm: "<Name for this IdP>"
        hostname: "<Hostname for your QSEoK tenant>"
        claimsMapping:
          client_id: [ "client_id", "<id>" ]      
          

You need to enter the values for discoveryUrl, clientId, clientSecret, realm, hostname, and id (claims mapping).

Applying the configuration to your cluster

Use Helm (see the Helm homepage) to apply the configuration in your values.yml file to your Kubernetes cluster:

$ helm upgrade \
  --install \
  qliksense qlik/qliksense \
  -f values.yml

To make sure that your configuration has been applied, you can run the get values command to see the resolved configuration:

$ helm get values qliksense

devMode:
  enabled: true
engine:
  acceptEULA: "yes"
identity-providers:
  secrets:
    idpConfigs:
      - discoveryUrl: "https://tenant.auth0.com/.well-known/openid-configuration"
        clientId: "<client ID>"
        clientSecret : "<client secret>"
        realm: "Auth0"
        hostname: "<hostname>"

Configure your hosts file

Note: This section is only relevant if there is no DNS.

In order for <hostname> to resolve, add the following to your /etc/hosts file:

127.0.0.1   <hostname>
::1         <hostname>

Log in to your tenant

You are now set to log into your tenant. In your browser, go to https://<tenant address> and you should be redirected to an Auth0 login page. After a successful login you reach a home page to which apps are distributed.