1 Reply Latest reply on Jan 16, 2019 6:07 AM by Alexander Vasilevskii

    Unable to authenticate user. Please try again or contact your administrator for assistance.

    Anish Karunakaran

      SAML SSO integration with Tableau Server – Current status and the steps we followed till date:

       

      1. 1. Created an Identity Provider(IdP) using ComponentSpace SAML .net component and hosted in IIS. URL: http://identity.hmetrix.com
      2. 2. Generated a metadata XML for Tableau Service Provider(SP) from our IdP. And the  metadata is signed with a PEM enabled 509 certificate.
      3. 3.     In Tableau Server we have configured SAML with a valid cert/key pair and also provided the IdP metadata XML file. Tableau application is available in the URL http://ms1.hmetrix.com . In the metadata XML SSO service binding is configured as
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://identity.hmetrix.com/SAML/SSOService.aspx" />
      4. 4. The tableau user “demouser1” is also added in IdP.
      5. 5. When opening the Tableau Server URL through a web browser instance then it is redirected to the IdP login window.  So the SSO binding redirection is worked as expected.
      6. 6. Once we enter the login credentials and submit the form, the IdP sent the assertion signed response to the SP. (I have attached the assertion SAML response: assertion.xml). At that time we got an authentication error as below:
        error.png

      from the wgserverlog detailed error description is as follows:

      2013-12-23 06:14:24.962 -0500 catalina-exec-4 Default  ERROR : com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML Authentication Failed, please contact the administrator.

      • org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message is invalid

      validation of protocol message signature failed

       

      We have tried both self-signed (two different set of certificates , one for IdP and other one for SP) and signed certificates. Right now we are using a valid authority signed certificate in both side. .pfx file is using in IdP and .cert and .key file is using in Tableau SP


      Thanks,

      Anish.