10 Replies Latest reply on Oct 26, 2017 9:34 AM by Eileen Keck

Accessing Server Through Desktop Using SAML

Jeff Bloomfield May 5, 2014 8:56 AM

Just finished upgrading Tableau Server to v8.1.6 using AD, SSL, and SAML. Everything seems to be working fine and users can log in without issue from our company portal, but I am having issues when trying to connect to the server using Desktop (same upgraded version). I'm using the same URL that we use for the web login when trying to sign in:

However, it is failing when attempting to do so, and the dialog box that pops up says: Content Resend Error: The request needed to be sent again but it failed (https://login.mysites.com/Samlp/Tableau/Login)

I've tried looking in some of the server logs but am not seeing anything - does anyone have any ideas as to what my next steps would be to troubleshoot this?

Thanks in advance,

Jeff

1. Re: Accessing Server Through Desktop Using SAML

jordan.bunker May 5, 2014 9:11 AM (in response to Jeff Bloomfield)

Hi Jeff,

Since Tableau Server configurations can sometimes be a bit tricky, I recommend contacting our Support Team (support@tableausoftware.com) so they may work with you to troubleshoot and determine what is causing the issue.

Cheers!
- Jordan
Like Show 0 Likes(0)

Actions
2. Re: Accessing Server Through Desktop Using SAML

Jeff Bloomfield May 8, 2014 11:19 AM (in response to jordan.bunker)

Thanks Jordan, I did submit a ticket on Monday but haven't heard back from support yet, and as of right now have no way of logging into Tableau Server from Desktop. In looking in the logs it appears that the authentication to the idP is failing, and I don't know if it is because we are using AD authentication that I am not getting the option to manually enter my credentials.

Here is the log file from Tableau Desktop (asterisks are mine) :
2014-05-08 08:16:17.775 (-,-,-,-) 2c30: Starting AsyncTask for SessionID: -.
2014-05-08 08:16:17.800 (-,-,-,-) 2c50: NetworkReply::sslCtxCallback: failed to add certificate '****-EARTH-CA' from store 'Root'
2014-05-08 08:16:17.800 (-,-,-,-) 2c50: NetworkReply::sslCtxCallback: failed to add certificate '****-HT-CKDCNT02-CA' from store 'Root'
2014-05-08 08:16:18.320 (-,-,-,-) 2c30: WorkItemSetComplete: 0x00000000157dac50
2014-05-08 08:16:18.320 (-,-,-,-) 2608: Action: Getting data from server SubAction: Getting data from server Status: Completing request... Observers: 0
2014-05-08 08:16:18.321 (-,-,-,-) 2608: GetCookieContents failed for an unknown reason.
2014-05-08 08:16:18.452 (-,-,-,-) 2608: Unexpected payload component size: [1]
2014-05-08 08:16:18.454 (-,-,-,-) 2608: WorkgroupConnection::SAMLAuthentication: URL - https://myreporting.mysites.com/auth/login?datetime=2014-05-08T13:16:18.454000Z&format=xml&language=en&authenticity_token=VGG5UWgX5Ti6ekmQ**********JQ9HOmc4SLsqEBQnc=&full_keychain_key=a4a4876074f9a547d68fdf2**********9bfd33177d31ca7429bc5c29cb90fc04d73dd1b2e59233ad3a8d720d95c233**********72bc5d739880453449c0f20
2014-05-08 08:16:18.454 (-,-,-,-) 2608: WebAuthenticationDialog::obtainAuthToken: from (https://myreporting.mysites.com/auth/login)
2014-05-08 08:16:18.581 (-,-,-,-) 2608: SSL Errors:
2014-05-08 08:16:18.581 (-,-,-,-) 2608: [1] The issuer certificate of a locally looked up certificate could not be found
2014-05-08 08:16:18.581 (-,-,-,-) 2608: [2] The root CA certificate is not trusted for this purpose
2014-05-08 08:16:18.581 (-,-,-,-) 2608: [3] No certificates could be verified
2014-05-08 08:16:18.725 (-,-,-,-) 2608: SAMLAuthenticationHelper::determineAuthState : access pending
2014-05-08 08:16:18.853 (-,-,-,-) 2608: NetworkAccessException: type=ContentReSend, request url=[https://login.mysites.com/Samlp/Tableau/Login]
2014-05-08 08:16:20.518 (-,-,-,-) 2608: WebAuthenticationDialog::obtainAuthToken: access declined
2014-05-08 08:16:28.941 (-,-,-,-) 2608: WorkItemCreate: 0x000000001558b460, 0x00000000157da4d0
2014-05-08 08:16:28.941 (-,-,-,-) 2608: AsyncTaskSvcExecute: 0x00000000157da4d0
Like Show 1 Likes(1)

Actions
3. Re: Accessing Server Through Desktop Using SAML

Matt Lutton May 8, 2014 12:04 PM (in response to Jeff Bloomfield)

Jeff Bloomfield wrote:

Thanks Jordan, I did submit a ticket on Monday but haven't heard back from support yet...

Someone recently posted about an excellent response from Tableau Support, and they mentioned they received phone calls from two separate parties at Tableau.... how does that happen (getting someone on the phone)?
Like Show 0 Likes(0)

Actions
4. Re: Accessing Server Through Desktop Using SAML

jordan.bunker May 9, 2014 11:54 AM (in response to Jeff Bloomfield)

Thanks for the update Jeff!

I checked in on the support case that you created, and you should be receiving a phone call from support soon.

Matt, to answer your question, Tableau Support has been experimenting with a new process where every customer who opens a support case will receive a call, even if just to verify that the issue in the case is understood. This process is still in the trial stage, so some people may receive phone calls first, while other may receive emails.

Hope that answers your questions!

- Jordan
Like Show 0 Likes(0)

Actions
5. Re: Accessing Server Through Desktop Using SAML

Shawn Wallwork May 9, 2014 12:07 PM (in response to Matt Lutton)

That someone was little ol' me. I think it was a great way to be contacted (and heard) by Tech Support. Looking back the one 'mistake' I made was a little too chatty. If this is going to work we should all make an effort to keep it short, so they can get through their call lists quicker. Then they're more likely to move this from trials to the way they do business, which I personally hope they do.

Cheers,

--Shawn
Like Show 0 Likes(0)

Actions
6. Re: Accessing Server Through Desktop Using SAML

Olga Yazovskaya Jan 7, 2016 4:28 PM (in response to Jeff Bloomfield)

Hi Jeff,
I am having the same issue with 9.1.2 desktop and same version of the server. Was your issue resolved?
Thanks in advance
Like Show 0 Likes(0)

Actions
7. Re: Accessing Server Through Desktop Using SAML

Pierre-Antoine Marc Apr 27, 2016 8:53 AM (in response to Jeff Bloomfield)

Hi Jeff,

We're facing a similar issue with Tableau Desktop. How did you solve yours?

Any help would be appreciated on this

Regards,

Pierre-Antoine
Like Show 0 Likes(0)

Actions
8. Re: Accessing Server Through Desktop Using SAML

sreeverdhan potavathri May 12, 2016 3:06 PM (in response to Jeff Bloomfield)
Have you tried the below steps?
When signing into a SAML-enabled server via Desktop,
ife you apply "tabadmin set wgserver.authentication.desktop_nosaml true", Desktop users will should not be prompted for SAML authentication to the server -- they will sign in as if SAML is not enabled.
On your primary server, open command prompt
Go to bin directory
Run command "tabadmin set wgserver.authentication.desktop_nosaml true"
Run command "tabadmin config" (to make sure configuration files are applied to all servers in cluster)
Run command "tabadmin restart" (to restart Tableau Server)
Like Show 0 Likes(0)

Actions
9. Re: Accessing Server Through Desktop Using SAML

Pierre-Antoine Marc May 19, 2016 9:49 AM (in response to sreeverdhan potavathri)

Hi,

We did those steps to make Desktop work, but this is not a valid solution for us. We need Desktop to be secured through SAML so we don't have to handle user passwords manually.
Like Show 1 Likes(1)

Actions
10. Re: Accessing Server Through Desktop Using SAML

Eileen Keck Oct 26, 2017 9:34 AM (in response to Pierre-Antoine Marc)

did you come up with a better solution - I believe it is the certs need a common name - I am working on it now but now 100% sure. I realize this post is old but hoping you worked through this solution.
Like Show 0 Likes(0)

Actions