Heya Jason -
By default, Trusted Tickets work in a "restricted" mode - meaning you can use a ticket to view a report, but that's it. You can't use a ticket to "browse" the rest of the Tableau portal like Workbook & Project lists, etc .If you attempt to view anything other than a report in "restricted" mode, then you're immediately logged out.
This blog entry will tell you a little bit more about what you're seeing and a potential workaround:
Thanks Russell! I tried it out and it works. If I'm going to use this is there any way to remove the log out link? It will surely bring up some confusion among users that are using trusted authentication.
Is there some way to get a listing of all the tabadmin set options? I'm noticing that wgserver.unrestricted_ticket doesn't seem to be documented.
Hey Jason -
No, that sucker isn't documented because it could arguably make the server less secure ala: " Users can browse through the UI instead of being forced into a view".
Can't tell you much on the logout/login screen - I work with customers who use Trusted Tickets 80%+ of the time and they mostly have the same reaction. We've let dev know that having the ability to redirect to a custom logout screen would be nice.
Thanks for setting that up, I'll cast my vote. Although the ability manually log a user off through redirection already exists, in case someone else stumbles across this discussion. From the security white paper:
"For integrated environments, for example views embedded in a
portal, it is useful to programmatically force a logout on the Tableau
Server when the user logs out of the portal. This is easily achieved
by calling a logout URL from the client: http://<Tableau Server>/
What I'd like to see is either the ability to hide the logout button or have Tableau be "smart" enough to realize that it is in trusted authentication mode and not display the logout button it in that case.
PS. that linky is malformed
What most people that I have worked with object to is the login screen showing up at all when the user logs out or times out. Since they're trying to "hide" the fact that Tableau is even part of their application stack, this login screen is bad as far as they're concerned.
Your problem is that the entire Tableau Portal really wasn't designed to be browse-able by a Trusted Tickets user - only Views. Note how that stuff doesn't show up when you show an embedded viz the "normal" way -- with a restricted ticket and &:embedded=yes
Unfortunately for you, you want an "edge case request" (hide logout text) on top of an edge case scenario (unrestricted tickets)
Well, I got my whole team (of 4) to vote for the idea. I'm still just testing this out and trying to find the best approach, so I may still go with restricted tickets and getting a redirection to a custom logout page would be great.
I'm going to look at what is involved with querying the Tableau DB to get a list of views a user has access to and use that to drive which view to embed also.
Thanks again for you assistance!