Configure your IdP for Qlik Sense Enterprise on Kubernetes (QSEoK) using a YAML configuration file.
Setting up the IdP for Qlik Sense Enterprise on Kubernetes
Before setting up the IdP for QSEoK, you must:
- Create a Kubernetes environment.
- Install the client tools to interact with your Kubernetes environment.
- Deploy QSEoK into Kubernetes.
- Accept the EULA for QSEoK.
- Configure your MongoDB connection.
For a detailed description of the steps, see Qlik Sense multi-cloud deployments with Qlik Sense Enterprise on Kubernetes.
You set up the (IdP) for QSEoK in the YAML configuration file.
Do the following:
Open your YAML configuration file, and enter the Discovery endpoint.
Also know as Discovery URL.
Enter IdP Client ID.
This is the ID of the configured client at the IdP for interactive user authentication.
Enter Client secret.
The secret for the client configured at the IdP.
Enter User ID claims mapping.
The claim to use as User ID.
Enter Groups claim mapping.
The claim to use as containing groups.
Code example with simple-oidc-provider
The simple-oidc-provider supports OIDC discovery, which simplifies the main configuration. Use discoveryUrl.
"sub": [ "sub", "client_id" ]
The simple-oidc-provider does not return a sub claim for client credentials tokens. The remedy for this is the claims mapping "sub": [ "sub", "client_id" ]. This will map the sub claim to the sub claim whenever possible but will fall back on the client_id claim.
Logging out from the multi-cloud environment
When you log out from the multi-cloud environment, you may see an almost blank page, with only an OK in the top left corner. This can be the default page for the identity provider for your tenant. The page is configurable for your identity provider.