Qlik Sense: SAML GET request invalid format
Article Number: 000019087 | Last Modified: 2019/03/28
When trying to configure SAML authentication with Qlik Sense you may see SAML GET request invalid format or SAML POST request invalid format errors, unfortunately these errors do not indicate what is incorrect about the request.Environments:
- Qlik Sense Enterprise 3.x and later
Points to check:
1. Is the SAML Assertion Consumer URL set up correctly on the Identity Provider ?
This needs to be exactly the same URL than the one in the Service Provider metadata, including the ending slash
For example: https://qlikserver2.domain.local:443/saml/samlauthn/ will work but https://qlikserver2.domain.local:443/samla/samlauthn will not work.
2. For Service Provider initiated authentication, Qlik Sense's SAML implementation requires a RelayState value to be provided in SAML responses. If that value is missing then the Invalid Format error is generated.
RelayState is optional for Identity Provider initiated authentication.
RelayState is sent as a query parameter in both the SAML Request and the SAML Response, the value in both of them must be matching for the authentication to succeed.