Qlik Sense Enterprise on Kubernetes - IdP settings

Configure your IdP for Qlik Sense Enterprise on Kubernetes (QSEoK) using a YAML configuration file.

Note: For multi-cloud, you can only use identity providers that are compatible with OpenID Connect (OIDC).

Setting up the IdP for Qlik Sense Enterprise on Kubernetes

Before setting up the IdP for QSEoK, you must:

  • Create a Kubernetes environment.
  • Install the client tools to interact with your Kubernetes environment.
  • Deploy QSEoK into Kubernetes.
  • Accept the EULA for QSEoK.
  • Configure your MongoDB connection.

For a detailed description of the steps, see Qlik Sense multi-cloud deployments with Qlik Sense Enterprise on Kubernetes.

You set up the identity provider (IdP) for QSEoK in the YAML configuration file.

Do the following:

  1. Open your YAML configuration file, and enter the Discovery endpoint.

    Also known as the Discovery URL.

  2. Enter IdP Client ID.

    This is the ID of the configured client at the IdP for interactive user authentication.

  3. Enter Client secret.

    The secret for the client configured at the IdP.

  4. Enter User ID claims mapping.

    The claim to use as User ID.

  5. Enter Groups claim mapping.

    The claim that contains the user's groups.

Code example with simple-oidc-provider

Warning: This code example is only intended for testing and must not be used in production.

The simple-oidc-provider supports OIDC discovery, which simplifies the main configuration. Use discoveryUrl.

    {
      "discoveryUrl": "http://oidc:9000/.well-known/openid-configuration",
      "clientId": "foo",
      "clientSecret": "bar",
      "realm": "simple",
      "hostname": "myhost",
      "claimsMapping": {
        "sub": [ "sub", "client_id" ]
      }
    }

The simple-oidc-provider does not return a sub claim for client credentials tokens. The remedy for this is the claims mapping "sub": [ "sub", "client_id" ]. This maps the sub claim to the token's sub claim whenever possible and falls back on the client_id claim when sub is absent.
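The fallback described above, as an added Python illustration that is not Qlik's code: it resolves the page's claimsMapping against constructed token payloads and reports which source claim supplied the value, so interactive and client credentials identities can be told apart when auditing. The function name resolve_claim, the sample tokens, and the rule that the first present, non-empty source wins are assumptions.

```python
import json

# Config from the page's simple-oidc-provider example (test-only values).
CONFIG = json.loads("""
{
  "discoveryUrl": "http://oidc:9000/.well-known/openid-configuration",
  "clientId": "foo",
  "clientSecret": "bar",
  "realm": "simple",
  "hostname": "myhost",
  "claimsMapping": {"sub": ["sub", "client_id"]}
}
""")

# Constructed, already-decoded token payloads (not real provider output).
USER_TOKEN = {"iss": "http://oidc:9000", "sub": "user-123", "aud": "foo"}
CLIENT_CREDENTIALS_TOKEN = {"iss": "http://oidc:9000", "client_id": "foo"}
EMPTY_SUB_TOKEN = {"sub": "", "client_id": "foo"}
NO_IDENTITY_TOKEN = {"iss": "http://oidc:9000"}


def resolve_claim(mapping, target, token_claims):
    """Return (value, source_claim) for `target`, trying sources in order.

    Assumed semantics: the first source claim that is present and non-empty
    wins. Raises KeyError when no source yields a value, so a token without
    any usable identity is rejected instead of mapped to an empty value.
    """
    sources = mapping.get(target, [target])
    if isinstance(sources, str):  # tolerate a single claim name
        sources = [sources]
    for source in sources:
        value = token_claims.get(source)
        if isinstance(value, str) and value.strip():
            return value, source
    raise KeyError(f"no claim in {sources} available for {target!r}")


if __name__ == "__main__":
    mapping = CONFIG["claimsMapping"]
    for name, token in [("user", USER_TOKEN),
                        ("client credentials", CLIENT_CREDENTIALS_TOKEN),
                        ("empty sub", EMPTY_SUB_TOKEN)]:
        value, source = resolve_claim(mapping, "sub", token)
        print(f"{name}: sub resolved to {value!r} from {source!r}")
```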

Logging out from the multi-cloud environment

When you log out from the multi-cloud environment, you may see an almost blank page, with only an OK in the top left corner. This can be the default page for the identity provider for your tenant. The page is configurable for your identity provider.

 
