13 Replies Latest reply on Feb 14, 2018 3:11 AM by Yogesh Patel

    third party cookies and Trusted Authentication.

    Tim Uckun

      Hi I have trusted Authentication set up (no IP checking).  It works on Chrome and Firefox but does not work on IE and Safari.

       

      I changed my Safari settings to allow third party cookies and it still doesn't work. I did the same thing with IE but to no avail.  Is there some other setting I need to click on?

        • 1. Re: third party cookies and Trusted Authentication.
          Russell Christopher

          Hey Tim -

           

          Can you define what you mean by "does not work" a little bit more clearly? Are you unable to request a trusted ticket via IE/Safari (you get a -1 error message) or are you able to get a ticket but not use it?

           

          I've never had problems with IE in this regard, so I'd guess it does have something to do with your browser config (as I think you already suspect) and/or environment. For kicks, have you tested IE/Safari on a different/virgin machine to see if the behavior is the same?

          • 2. Re: third party cookies and Trusted Authentication.
            Tim Uckun

            The server gets the ticket and displays the iFrame. The iFrame shows up but at that point it does not recognize the user and asks for a login (i.e the trusted authentication becomes irrelevant).

             

            This also happens on safari on mac and ipad.  I went into the settings both safari and IE and tried to enable third party cookies but it didn't help.

             

            It works on chrome and firefox though.

            • 3. Re: third party cookies and Trusted Authentication.
              Russell Christopher

              Hey Tim -

               

              This is indeed strange. Are you running the same page in each browser? In other words, are you "going after" the same resource in Tableau Server in each of your tests?

               

              Also, were you able to test this on a different machine to rule out an issue on your workstation?

              • 4. Re: third party cookies and Trusted Authentication.
                Tim Uckun

                >This is indeed strange. Are you running the same page in each browser? In other words, are you "going after" the same resource in Tableau Server in each of your tests?

                 

                No. I have different tabs on my web page which access different reports. I get the same behavior in each tab.

                 

                Furthermore when I switch tabs I get this error

                 

                An error occurred on the server. The details of the error are:

                Could not locate unexpired trusted ticket 14832434

                Click the Refresh button in your web browser and try again.

                If you continue to receive this error please contact your Tableau Server Administrator.

                 

                refreshing the page brings the login screen

                 

                >Also, were you able to test this on a different machine to rule out an issue on your workstation?

                 

                Yes It's being reported by many people.

                • 5. Re: third party cookies and Trusted Authentication.
                  Russell Christopher

                  By default, Tableau Trusted tickets only allow you to render a view. Are some of your tabs doing other things, like showing a list of reports on the server? You'll need to enable unrestricted tickets turned on to do that, otherwise you'll get a login screen, which is essentially Tableau refusing your request.

                   

                  The second issue sounds like you're attempting to re-use the ticket to view multiple reports, which you can't do. Think of it like a movie theater - One ticket-per-movie. If you want to view /views/Workbook1/view1, /views/Workbook2/view1, and /views/Workbook1/view2, you need 3 tickets.

                   

                  Posting the actual HTML / code you've written may make things a little bit more clear...

                  • 6. Re: third party cookies and Trusted Authentication.
                    Tim Uckun

                    >By default, Tableau Trusted tickets only allow you to render a view. Are some of your tabs doing other things, like showing a list of reports on the server? You'll need to enable unrestricted tickets turned on to do that, otherwise you'll get a login screen, which is essentially Tableau refusing your request

                     

                    I am not sure what you mean by "unrestricted ticket" but I do have the IP address verification turned off.

                     

                    >The second issue sounds like you're attempting to re-use the ticket to view multiple reports, which you can't do.

                     

                    No I am definitely not doing that. Each request for the view has a fresh ticket.  The report is in an iframe and the url is crafted server side to include the ticket.

                     

                    Once again. It works fine with Chrome and Firefox on windows, mac, and ipad. It does not work with IE on windows or safari on mac or ipad.

                     

                    To me it smells like a third party cookie problem. I moved the report server dns to be a subdomain of the application (reportserver.myapp.mydomain.com)  but that didn't help either.

                    • 7. Re: third party cookies and Trusted Authentication.
                      Russell Christopher

                      Unrestricted tickets:

                       

                      http://tableaulove.tumblr.com/post/23107955016/restricted-vs-unrestricted-trusted-tickets-in-tableau

                       

                      If you're 100% positive that each request is being made with a new ticket, are you sure that when you request the ticket, you're doing so from the correct Tableau site? Unless you tell us differently, Tickets are created for the default site of Tableau Server. If the report you want to display resides in a different site than default, you must specify the site you want the ticket created for, otherwise you get a ticket for the default site which won't be any good when you request content in a site other than "Default"

                      • 8. Re: Re: third party cookies and Trusted Authentication.
                        Russell Christopher

                        Also, one last thing to check before you open a support case. Based on your technical depth, I suspect you are familiar with Fiddler - I'd use against IE to make sure that the appropriate cookies ARE being attached to our requests.

                         

                        Here's what things look like when I am using default Security settings in IE (Accept 3rd Party Cookies). Note two cookies.

                         

                        ScreenHunter_10 Jun. 18 08.56.gif

                         

                        Now, I'm blocking 3rd party cookies in IE. Only 1 cookie, and I'm thrown to the login page:

                         

                        ScreenHunter_11 Jun. 18 08.59.gif

                        • 9. Re: third party cookies and Trusted Authentication.
                          Tim Uckun

                          I am using restricted tickets. The user is only allowed to see the view I ask for. Each tab has another view but each page load gets a fresh ticket. I only have one site. I am using the iframe method.

                           

                          Tomorrow when I get to work I will try the javascript method and see what happens.

                           

                          As I mentioned before this all works just fine in firefox and chrome. IE and Safari don't like it.

                          • 10. Re: Re: third party cookies and Trusted Authentication.
                            Tim Uckun

                            I can see the cookies being set but I still get the login screen.

                             

                            I have tried both the javascript method and the iframe method but no avail.

                             

                            I have also tried fiddling with p3p headers but still no joy.

                            • 11. Re: Re: third party cookies and Trusted Authentication.
                              Russell Christopher

                              This server isn't accessible externally, is it? I'd love to hit it from here outside of your environment. It might be interesting for you to hit "known good" trusted tickets sites from inside your environment to see if they break...

                               

                              I think it is time to open a support case at this point. Sorry.

                              • 12. Re: Re: third party cookies and Trusted Authentication.
                                Tim Uckun

                                I have opened a ticket and provided them with the information they requested. Hopefully they will come back with an answer soon because this is kind of painful for the users.

                                • 13. Re: third party cookies and Trusted Authentication.
                                  Yogesh Patel

                                  Hi Tim,

                                   

                                  Have you found the resolution for the issue, since I am also facing the same issue where in I have tried with iframe as well as JavaScript API provided by tableau. In my case web app works fine on all devices except iOS devices. Unexpected Error occurs every time I try to load the dashboard from safari and chrome as well.

                                   

                                  Thanks,

                                  Yogesh