Tableau Mobile Reverse Proxy Authentication Sequence

Version 6

    If you have configured authentication at the proxy server gateway, then your proxy server must respond to Tableau Mobile HTTP requests with a HTTP 302 response. The 302 must include a redirect to the identity provider login page. This wiki page describes two scenarios:

    • Generic authentication scenario
    • Initial configuration

    Generic authentication scenario

    The following diagram shows a typical authentication sequence.

     

    reverse_proxy_authentication-10step.png

     

    1. Initial URL:  example.com/vizportal/api/web/v1/getFavorites

    2. Reverse proxy sends back 302 redirect to login page (idp.ini/signin)

    3. Mobile client URL to idp.ini/signin

    4. IdP responds with sign-in page

    5. Client sends credentials to IdP

    6. IdP sends 302 back to proxy and includes authentication token

    7. Mobile client sends request to proxy server with the authentication token

    8. Proxy sends 302 redirect to the initial URL (example.com/vizportal/api/web/v1/getFavorites)

    9 Mobile client connects to Tableau Server

    10. Tableau Server sends a response based on the initial URL. In this case, getFavorites returns a list of the user's workbooks and worksheets.

     

     

    Initial configuration

    The following diagram shows the first authentication request that is made by the Tableau Mobile app. Refer to this diagram to troubleshoot initial configuration issues.

    Tableau Mobile HTTP authentication sequence

     

    1. Initial URL: example.com/manual/auth

    2. Reverse proxy sends back 302 redirect to login page (idp.ini/signin)

    3. Mobile client URL to idp.ini/signin

    4. IdP responds with sign-in page

    5. Client sends credentials to IdP

    6. IdP sends 302 back to proxy and includes authentication token

    7. Mobile client sends request to proxy server with the authentication token

    8. Proxy sends 302 redirect to example.com/manual/auth

    9 Mobile client connects to Tableau Server at example.com/manual/auth

    10. Tableau Server returns auth.xml to client

    11. Mobile client signs in to Tableau Server based on auth.xml info