Qlik Sense Enterprise for elastic deployments - IdP settings

Configure your IdP for Qlik Sense Enterprise (QSE) for elastic deployments using a YAML configuration file.

Note: For multi-cloud, you can only use identity providers that are compatible with OpenID Connect (OIDC).

Setting up the IdP for Qlik Sense Enterprise for elastic deployments

Before setting up the IdP for QSE for elastic deployments, you must:

  • Create a Kubernetes environment.
  • Install the client tools to interact with your Kubernetes environment.
  • Deploy QSE for elastic deployments into Kubernetes.
  • Accept the EULA for QSE for elastic deployments.
  • Configure your MongoDB connection.

For a detailed description of the steps, see Qlik Sense multi-cloud deployments with Qlik Sense Enterprise for elastic deployments.

You set up the identity provider (IdP) for QSE for elastic deployments in the YAML configuration file.

Do the following:

  1. Open your YAML configuration file, and enter the Discovery endpoint.

    Also known as the Discovery URL.

  2. Enter IdP Client ID.

    This is the ID of the configured client at the IdP for interactive user authentication.

  3. Enter Client secret.

    The secret for the client configured at the IdP.

  4. Enter User ID claims mapping.

    The claim to use as User ID.

  5. Enter Groups claim mapping.

    The claim that contains the user's groups.

Code example with simple-oidc-provider

Warning: This code example is only intended for testing and must not be used in production.

The simple-oidc-provider supports OIDC discovery, which simplifies the main configuration. Use discoveryUrl.

    {
      "discoveryUrl": "http://oidc:9000/.well-known/openid-configuration",
      "clientId": "foo",
      "clientSecret": "bar",
      "realm": "simple",
      "hostname": "myhost",
      "claimsMapping": {
        "sub": [ "sub", "client_id" ]
      }
    }

The simple-oidc-provider does not return a sub claim for client credentials tokens. The remedy for this is the claims mapping "sub": [ "sub", "client_id" ]. This maps sub to the token's sub claim whenever possible and falls back on the client_id claim otherwise.
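The following is an added example, not part of the Qlik documentation or product code: a Python sketch of the ordered fallback that the claims mapping describes, together with a check that flags the test-only values in the sample settings before they reach production. The function names, the 16-character secret threshold, the default of mapping a claim to itself, and the token payloads are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the test-only settings block shown on this page.
CONFIG = json.loads("""
{
  "discoveryUrl": "http://oidc:9000/.well-known/openid-configuration",
  "clientId": "foo",
  "clientSecret": "bar",
  "realm": "simple",
  "hostname": "myhost",
  "claimsMapping": { "sub": [ "sub", "client_id" ] }
}
""")


def resolve_claim(mapping, target, token_claims):
    """Return the first non-empty source claim listed for `target`, else None."""
    sources = mapping.get(target, [target])  # assumption: unmapped claims map to themselves
    for name in sources:
        value = token_claims.get(name)
        if isinstance(value, str) and value.strip():
            return value
    return None  # no usable claim: the caller should reject the token


def lint_config(cfg):
    """Flag settings that are tolerable on a test rig but not in production."""
    findings = []
    url = urlparse(cfg.get("discoveryUrl", ""))
    if url.scheme != "https":
        findings.append("discoveryUrl is not https: IdP metadata is fetched in cleartext")
    if not url.path.endswith("/.well-known/openid-configuration"):
        findings.append("discoveryUrl does not point at an OIDC discovery document")
    if len(cfg.get("clientSecret", "")) < 16:  # threshold is an assumption
        findings.append("clientSecret is short or missing")
    return findings


# Constructed token payloads, not captured from a real IdP.
USER_TOKEN = {"sub": "alice", "client_id": "foo"}   # interactive user login
CLIENT_TOKEN = {"client_id": "foo"}                 # client credentials: no sub
EMPTY_TOKEN = {"iss": "http://oidc:9000"}           # neither claim present

if __name__ == "__main__":
    for token in (USER_TOKEN, CLIENT_TOKEN, EMPTY_TOKEN):
        print(resolve_claim(CONFIG["claimsMapping"], "sub", token))
    print("\n".join(lint_config(CONFIG)))
```

With the fallback in place, a client credentials token is identified by its client_id, so client IDs and user IDs share one namespace at the IdP and should be kept distinct there.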

Logging out from the multi-cloud environment

When you log out from the multi-cloud environment, you may see an almost blank page, with only an OK in the top left corner. This can be the default page for the identity provider for your tenant. The page is configurable for your identity provider.