OIDC configuration with Auth0

OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. OIDC enables single sign-on (SSO) to reduce the number of times a user has to log on to access websites and applications. OIDC can be configured for authentication with third-party products.

Configuring Auth0

Note: Because this configuration involves a third-party product, we cannot guarantee that the configuration is exactly as described here. Changes may occur in the third-party product without our knowledge.
  1. Log in to https://auth0.com/ and create an account with your email address.

  2. In the left menu in Auth0, open Applications.

  3. Click Create application.
  4. Name the application, select Single Page Web Applications and click Create.

  5. Optionally, select your web app technology.

  6. Select Settings.
  7. In the box Allowed Callback URLs, add the URL to your host in the format https://<QSEhostname>/<VirtualProxyPrefix>/oidcauthn.

  8. Scroll down and click Save changes.

  9. Note down the Client ID and Client Secret values.

  10. Scroll to the bottom and select Advanced Settings.

  11. Select Endpoints.

  12. Note down the OpenID configuration URL.

Creating and configuring the virtual proxy

  1. In the Qlik Management Console (QMC), open Virtual proxies.

  2. Click Create new.

  3. In Properties, to the right, ensure that the sections Identification, Authentication, Load balancing, and Advanced are selected.

  4. Under Identification, enter auth0 for Description and Prefix.

  5. For Session cookie header name, add -auth0 at the end of the existing name so that it reads X-Qlik-Session-auth0.

  6. For Authentication method, select OIDC.

  7. Enter the noted “OpenID Configuration” URL in the OpenID Connect metadata URI field. It will be in the following format: https://<Auth0hostname>/.well-known/openid-configuration.

  8. Enter the noted Client ID and Client secret in the corresponding fields.

  9. For Realm, enter auth0. Users added in the repository through OIDC authentication will have user directory name set to “auth0”.

    Note: If the subject attribute value format is domainname\username, realm is optional. If not, realm is mandatory.
  10. In the client_id field, change the value to aud.

  11. In the scope field, enter openid profile email.

  12. Under Load balancing nodes, click Add new server node.

  13. Select the engine nodes this virtual proxy will load balance connections to.

  14. Under Advanced, in the Host allow list section, click Add new value.

  15. Add the host name of the Auth0 tenant, that is, the same host name that you entered for OpenID Connect metadata URI.

  16. Click Apply and then OK to restart the services.

  17. In the Associated items menu to the right, select Proxies.

  18. Click Link and link the virtual proxy to the proxy or proxies that will use this configuration.

    The proxy service is restarted.

Verify that the claims and scopes that you have configured in the IdP server are returned in the claims_supported and scopes_supported fields when you open the OpenID Connect metadata URI, https://{IdP_hostname}/.well-known/openid-configuration.
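The verification described above can be scripted. The following is an added example, not Qlik or Auth0 code: it checks a discovery document for the scopes entered in the scope field, for a set of claims (sub, aud, name and email are assumed here), and for the issuer and the host allow list matching the metadata URI. The sample document and the host name tenant.example are constructed.

```python
import json
from urllib.parse import urlsplit

# Scopes come from the scope field in the steps above. The claim names are
# an assumption: sub for the subject attribute, aud for the client_id field.
REQUIRED_SCOPES = {"openid", "profile", "email"}
REQUIRED_CLAIMS = {"sub", "aud", "name", "email"}
WELL_KNOWN = "/.well-known/openid-configuration"


def check_metadata(metadata_uri, document, host_allow_list):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    uri = urlsplit(metadata_uri)
    if uri.scheme != "https":
        problems.append("metadata URI is not https")
    if not uri.path.endswith(WELL_KNOWN):
        problems.append("metadata URI does not end with " + WELL_KNOWN)
    # OIDC Discovery: issuer + well-known path must equal the URI used.
    issuer = document.get("issuer", "")
    if issuer.rstrip("/") + WELL_KNOWN != metadata_uri:
        problems.append("issuer %r does not match metadata URI" % issuer)
    for key, required in (("scopes_supported", REQUIRED_SCOPES),
                          ("claims_supported", REQUIRED_CLAIMS)):
        missing = sorted(required - set(document.get(key, [])))
        if missing:
            problems.append("%s is missing: %s" % (key, ", ".join(missing)))
    # The virtual proxy's host allow list must contain the IdP host name.
    allowed = {h.lower() for h in host_allow_list}
    if (uri.hostname or "").lower() not in allowed:
        problems.append("host %s is not in the host allow list" % uri.hostname)
    return problems


# Constructed sample document (not a real tenant); "email" is left out of
# claims_supported on purpose so the check reports one problem.
SAMPLE_URI = "https://tenant.example" + WELL_KNOWN
SAMPLE_DOC = json.loads("""{
  "issuer": "https://tenant.example/",
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "claims_supported": ["aud", "exp", "iat", "iss", "sub", "name"]
}""")

if __name__ == "__main__":
    for problem in check_metadata(SAMPLE_URI, SAMPLE_DOC, ["tenant.example"]):
        print("FAIL:", problem)
```

To check a live tenant, load the JSON returned by the metadata URI and pass it as document together with the values entered in the QMC.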

This completes the Auth0 configuration.