7 Replies Latest reply on Sep 12, 2014 5:21 AM by Prem Reddy

    8.1.1 Trusted Authentication problem

    Michel Roberge

      Hi all,

       

      I uninstalled Tableau Server 8.0.6 and installed 8.1.1 (64 bit OEM) following the usual procedure (deactivate license, uninstall, delete c:\ProgramData\Tableau) and reinstalled.

       

      I got it activated, all seems fine, I can publish to the server and all.

       

      But trusted authentication is not working anymore.

       

      I set the same trusted IPs I had before, restarted Tableau Server, still, it does not work. I always get

       

      com.tableausoftware.model.workgroup.service.TrustedTicketServiceImpl - Invalid request host: ::1.

       

      Has anyone tried this yet? I am trying to find out if this is:

       

      • an 8.1.1 server problem,
      • an 8.1.1 64 bit problem,
      • an 8.1.1 OEM problem,
      • an 8.1.1 OEM 64 bit problem,
      • me doing something silly.

       

      I deactivated IPv6 and "Use Temporary Addresses" is set to false.

       

      If you updated to 8.1.1 and are using trusted authentication, please share your results.

       

      Thanks!

       

      Michel

        • 1. Re: 8.1.1 Trusted Authentication problem
          Dan Huff

          Tickets did change in structure from 8.0 to 8.1 so this may be the issue you are hitting. They are now 24 characters long to be more secure. There is a setting to change this back to the 8.0 behavior but I cannot remember it off the top of my head. I bet our Support team would remember or maybe Russell Christopher.

           

           

          Dan

          • 2. Re: 8.1.1 Trusted Authentication problem
            Russell Christopher

            Sounds like an ipv6 issue. Did you see this, by any chance?

             

            Navigating IPv6 and Tableau Server | Tableau Love

            • 3. Re: 8.1.1 Trusted Authentication problem
              Michel Roberge

              Thanks Russell.

               

              Just before seeing your reply, I had uninstalled the server, re-installed it again, and for some reason decided to try putting in the host name in the trusted IP list... And it worked.

               

              So it seems that it is the "fix", but why is that so? Why would putting in the name be working, and the IP not working, anymore?

               

              Thanks,

               

              Michel

              • 4. Re: 8.1.1 Trusted Authentication problem
                Russell Christopher

                Well, I bet if you ping localhost on the Tableau Server, it’s going to return ::1 (ip6 localhost) vs. 127.0.0.1 (ip4 localhost)… Your name resolution on the machine is driven by ip6, not ip4… so your ip4 IP addresses don’t match the ip6 addresses on the machines doing the POST for the ticket.

                 

                That’s why adding the hostnames to the file (which resolve to ip6 ips) fixed it.
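
A small model of the mismatch described in this reply, added here as an illustration (it is not Tableau's code and not part of the thread). It assumes the trusted-hosts check compares the requesting address against literal IPs and against whatever each host name resolves to; the `RESOLVER` table and the host name `webapp01` are constructed.

```ruby
require 'ipaddr'

# Constructed lookup table standing in for name resolution on the Tableau
# Server machine (hypothetical host names and addresses; no network needed).
RESOLVER = {
  'localhost' => ['::1', '127.0.0.1'],
  'webapp01'  => ['fd00::15', '10.0.0.15']
}.freeze

# Addresses covered by one trusted-hosts entry: a literal IP covers only
# itself, a host name covers every address it resolves to.
def addresses_for(entry, resolver = RESOLVER)
  [IPAddr.new(entry)]
rescue IPAddr::InvalidAddressError
  resolver.fetch(entry, []).map { |a| IPAddr.new(a) }
end

# True when the host that requested the ticket is covered by some entry.
def trusted?(request_host, trusted_hosts, resolver = RESOLVER)
  peer = IPAddr.new(request_host)
  trusted_hosts.any? { |entry| addresses_for(entry, resolver).include?(peer) }
end

# Entries that cover only IPv4, i.e. candidates for the mismatch when the
# caller connects over IPv6.
def ipv4_only_entries(trusted_hosts, resolver = RESOLVER)
  trusted_hosts.select do |entry|
    addrs = addresses_for(entry, resolver)
    addrs.any? && addrs.all?(&:ipv4?)
  end
end

if __FILE__ == $PROGRAM_NAME
  list = ['127.0.0.1', '10.0.0.15']
  puts "::1 trusted with #{list}: #{trusted?('::1', list)}"
  puts "IPv4-only entries: #{ipv4_only_entries(list)}"
  puts "::1 trusted with ['localhost']: #{trusted?('::1', ['localhost'])}"
end
```
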

                • 5. Re: 8.1.1 Trusted Authentication problem
                  Nick F

                  Hi Michel,

                   

                  We had the same problem, except we were upgrading from 8.0.5 to 8.1.4. When we upgraded, everything was working (publishing viz, viewing visuals, background tasks, the usual suspects) except trusted authentication. As we discovered, Tableau made some changes with 8.1.X that used a 24-character string instead of the 9-digit one for generating the ticket. To support this, Tableau also updated their tabadmin commands to enable the 9-char ticket, instead of the now 24-char. I've entered this below even though there is a "but" coming...

                   

                  vizqlserver.trustedticket.use_deprecated_9digit_token

                  When set to true, tickets are 9 digits long (as in version 8.0 and earlier) and the setting vizqlserver.trustedticket.token_length is ignored.

                   

                  vizqlserver.trustedticket.token_length

                  Determines the number of characters in each trusted ticket. The default setting of 24 characters provides 144 bits of randomness. The value can be set to any integer between 9 and 255, inclusive.

                   

                  We tried the different configurations without success (...token_length = 9, and ...deprecated_9digit_token = true) until we realised the problem - Tableau 8.1 uses a 9-numeric-character string, unlike 8.1 which uses a 24-alphanumeric-character string, and despite the above configuration the trusted authentication fails because the Tableau application 8.1 still generates an alphanumeric ticket, not numeric. This is at the heart of the problem and has been acknowledged by Tableau Support - they offered me a fix to their code (see below), and said they do not have plans for this to change with a future release of Tableau Server, and that they would pass on my feature request. Yes, you read that right - they acknowledged the problem, gave me a hotfix to their code, and passed this off as a "feature request". It is a bug, pure and simple.

                   

                  **I might add, I've been hesitant to make these changes, least of all because it is not on their radar for a fix, so I have no idea how this will behave with future releases. I will test out this fix and post its success/failings within the next week or two.

                   

                  ====== begin snippet from Support =================

                  If the example code provided in our documentation is being used for the trusted authentication, then there are some changes to the code that will need to be made. The following changes will need to be made to the PHP or Ruby code (the Java example code should still work):

                   

                   

                  PHP:

                  Current example:

                  -------------------------

                  function get_trusted_url($user,$server,$view_url) {
                    $params = ':embed=yes&:toolbar=yes';

                    $ticket = get_trusted_ticket($server, $user, $_SERVER['REMOTE_ADDR']);
                    if($ticket > 0) {
                      return "http://$server/trusted/$ticket/$view_url?$params";
                    }
                    else
                      return 0;
                  }

                  ---------------------

                  Updated function:

                  ----------------------

                  function get_trusted_url($user,$server,$view_url) {
                    $params = ':embed=yes&:toolbar=yes';

                    $ticket = get_trusted_ticket($server, $user, $_SERVER['REMOTE_ADDR']);
                    return "http://$server/trusted/$ticket/$view_url?$params";
                  }

                  --------------------

                   

                   

                  Ruby:

                  Current class:

                  --------------------

                  class TableauTrustedController < ApplicationController
                    include TableauTrustedInterface

                    def index
                      tabserver = 'localhost'
                      tabuser   = 'workgroupuser'
                      tabpath   = 'views/Book1/Sheet1'
                      tabparams = ':embed=yes&:toolbar=no'
                      ticket    = tableau_get_trusted_ticket(tabserver, tabuser, request.remote_ip)

                      if ticket > 0
                        url = "http://#{tabserver}/trusted/#{ticket}/#{tabpath}?#{tabparams}"
                        redirect_to url
                        return
                      end

                      render :status => 403, :text => "Error with request"
                    end
                  end

                  ---------------------------------------

                   

                   

                  Updated class:

                  ----------------------------------------

                  class TableauTrustedController < ApplicationController
                    include TableauTrustedInterface

                    def index
                      tabserver = 'localhost'
                      tabuser   = 'workgroupuser'
                      tabpath   = 'views/Book1/Sheet1'
                      tabparams = ':embed=yes&:toolbar=no'
                      ticket    = tableau_get_trusted_ticket(tabserver, tabuser, request.remote_ip)

                      if not(ticket == -1)
                        url = "http://#{tabserver}/trusted/#{ticket}/#{tabpath}?#{tabparams}"
                        redirect_to url
                        return
                      end

                      render :status => 403, :text => "Error with request"
                    end
                  end

                  ----------------------------------------------

                   

                   

                  I was able to successfully use the 9 digit code with Tableau Server 8.1.4. My testing of this code did return a 9 digit numerical code and it was not necessary for the 9 digit code to be alphanumerical.

                  ====== end snippet from Support ==================
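
The ticket check discussed in this post, written as an added example (not Tableau's code and not part of the Support snippet): it classifies the body returned by the ticket request as a 9-digit ticket, a longer token, the `-1` failure value, or something malformed, and only builds a `/trusted/` URL for the first two. Assumptions: the ticket arrives as a string, and the token alphabet is URL-safe base64 (inferred from 24 characters giving 144 bits, i.e. 6 bits per character); the sample tickets are constructed.

```ruby
FAILURE       = '-1'.freeze
LEGACY_TICKET = /\A\d{9}\z/                 # 9-digit ticket, as in 8.0 and earlier
TOKEN_TICKET  = /\A[A-Za-z0-9_-]{9,255}\z/  # assumed alphabet; length range from token_length

# Classify the raw response body of the trusted-ticket request.
def classify_ticket(body)
  t = body.to_s.strip
  return :failure if t.empty? || t == FAILURE
  return :legacy  if t.match?(LEGACY_TICKET)
  return :token   if t.match?(TOKEN_TICKET)
  :malformed
end

# Numeric-style test modelled on the `ticket > 0` check in the original
# samples: the string is read as an integer before comparing.
def numeric_check(body)
  body.to_s.strip.to_i > 0
end

# Build the redirect URL only for a well-formed ticket; nil otherwise, so the
# caller can answer 403 instead of redirecting to /trusted/-1/...
def trusted_url(server, body, view_path, params)
  return nil unless %i[legacy token].include?(classify_ticket(body))
  "http://#{server}/trusted/#{body.to_s.strip}/#{view_path}?#{params}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample bodies: legacy ticket, two 24-character tokens, failure.
  ['123456789', 'aB3dE5gH7jK9mN1pQ3sT5vW7', '7xYzAbCdEfGhIjKlMnOpQrSt', '-1'].each do |b|
    puts format('%-26s class=%-8s numeric_check=%s', b, classify_ticket(b), numeric_check(b))
  end
end
```

The numeric-style test rejects a valid 24-character token that starts with a letter and accepts one that starts with a non-zero digit, while comparing against the `-1` failure value and the expected format handles both ticket styles.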

                  • 6. Re: 8.1.1 Trusted Authentication problem
                    Prem Reddy

                    Hi All,

                     

                    To enable trusted authentication I ran the following command, and I was even able to access the embedded views on SharePoint. But for some reason I have to undo the changes made to Tableau Server.

                     

                    Has anyone previously tried removing the IP address of another application that was set using the following command?

                     

                    tabadmin set wgserver.trusted_hosts "<trusted IP addresses or host names>"

                     

                    I've to roll back.

                     

                    Any Inputs are really helpful.

                     

                    Thanks,
                    Prem

                    • 7. Re: 8.1.1 Trusted Authentication problem
                      Prem Reddy

                      Hi All,

                       

                      Using the -d option I was able to restore the Tableau settings to default.

                       

                      tabadmin set wgserver.trusted_hosts -d

                       

                      Thanks,
                      Prem