Hey Tim -
Can you define what you mean by "does not work" a little bit more clearly? Are you unable to request a trusted ticket via IE/Safari (you get a -1 error message) or are you able to get a ticket but not use it?
I've never had problems with IE in this regard, so I'd guess it does have something to do with your browser config (as I think you already suspect) and/or environment. For kicks, have you tested IE/Safari on a different/virgin machine to see if the behavior is the same?
The server gets the ticket and displays the iFrame. The iFrame shows up but at that point it does not recognize the user and asks for a login (i.e the trusted authentication becomes irrelevant).
This also happens on safari on mac and ipad. I went into the settings both safari and IE and tried to enable third party cookies but it didn't help.
It works on chrome and firefox though.
Hey Tim -
This is indeed strange. Are you running the same page in each browser? In other words, are you "going after" the same resource in Tableau Server in each of your tests?
Also, were you able to test this on a different machine to rule out an issue on your workstation?
>This is indeed strange. Are you running the same page in each browser? In other words, are you "going after" the same resource in Tableau Server in each of your tests?
No. I have different tabs on my web page which access different reports. I get the same behavior in each tab.
Furthermore when I switch tabs I get this error
An error occurred on the server. The details of the error are:
Could not locate unexpired trusted ticket 14832434
Click the Refresh button in your web browser and try again.
If you continue to receive this error please contact your Tableau Server Administrator.
refreshing the page brings the login screen
>Also, were you able to test this on a different machine to rule out an issue on your workstation?
Yes It's being reported by many people.
By default, Tableau Trusted tickets only allow you to render a view. Are some of your tabs doing other things, like showing a list of reports on the server? You'll need to enable unrestricted tickets turned on to do that, otherwise you'll get a login screen, which is essentially Tableau refusing your request.
The second issue sounds like you're attempting to re-use the ticket to view multiple reports, which you can't do. Think of it like a movie theater - One ticket-per-movie. If you want to view /views/Workbook1/view1, /views/Workbook2/view1, and /views/Workbook1/view2, you need 3 tickets.
Posting the actual HTML / code you've written may make things a little bit more clear...
>By default, Tableau Trusted tickets only allow you to render a view. Are some of your tabs doing other things, like showing a list of reports on the server? You'll need to enable unrestricted tickets turned on to do that, otherwise you'll get a login screen, which is essentially Tableau refusing your request
I am not sure what you mean by "unrestricted ticket" but I do have the IP address verification turned off.
>The second issue sounds like you're attempting to re-use the ticket to view multiple reports, which you can't do.
No I am definitely not doing that. Each request for the view has a fresh ticket. The report is in an iframe and the url is crafted server side to include the ticket.
Once again. It works fine with Chrome and Firefox on windows, mac, and ipad. It does not work with IE on windows or safari on mac or ipad.
To me it smells like a third party cookie problem. I moved the report server dns to be a subdomain of the application (reportserver.myapp.mydomain.com) but that didn't help either.
If you're 100% positive that each request is being made with a new ticket, are you sure that when you request the ticket, you're doing so from the correct Tableau site? Unless you tell us differently, Tickets are created for the default site of Tableau Server. If the report you want to display resides in a different site than default, you must specify the site you want the ticket created for, otherwise you get a ticket for the default site which won't be any good when you request content in a site other than "Default"
Also, one last thing to check before you open a support case. Based on your technical depth, I suspect you are familiar with Fiddler - I'd use against IE to make sure that the appropriate cookies ARE being attached to our requests.
Here's what things look like when I am using default Security settings in IE (Accept 3rd Party Cookies). Note two cookies.
Now, I'm blocking 3rd party cookies in IE. Only 1 cookie, and I'm thrown to the login page:
I am using restricted tickets. The user is only allowed to see the view I ask for. Each tab has another view but each page load gets a fresh ticket. I only have one site. I am using the iframe method.
As I mentioned before this all works just fine in firefox and chrome. IE and Safari don't like it.
I can see the cookies being set but I still get the login screen.
I have also tried fiddling with p3p headers but still no joy.
This server isn't accessible externally, is it? I'd love to hit it from here outside of your environment. It might be interesting for you to hit "known good" trusted tickets sites from inside your environment to see if they break...
I think it is time to open a support case at this point. Sorry.
I have opened a ticket and provided them with the information they requested. Hopefully they will come back with an answer soon because this is kind of painful for the users.
How did you modify the P3P policy?