7 Replies Latest reply on Jul 21, 2014 11:16 AM by samson.kim

    Sample settings for Trusted Auth using Proximo

    Dan Rullo

      I have read through the documentation several times and so far my config settings are rejected when I go to incorporate trusted tickets. I can log into tableau fine in the frame but can not pass parameters.   Can anyone provide a sample verbose config for trusted auth using proximo for static ip generation?  Any help is appreciated.

      Thanks

      Dan

        • 1. Re: Sample settings for Trusted Auth using Proximo
          samson.kim

          Hi Dan,

           

          There are a few examples found in the zip package you can refer to.  Try looking at the Accounts-verbose.vfp page for reference.  Few other suggestions:  Check to see if the config value PROXIMO_URL is set in Heroku.  This should be present once you install proximo and is needed since it has account info.  May need to re-install proximo if it's not there.  That has happened to me a few times.  Also, turn on logging for trusted authentication in Tableau Server and check the logs.  It will show you the ip and user info trying to obtain a ticket. 

           

          Hope this helps


          Cheers,

          Samson

          • 2. Re: Sample settings for Trusted Auth using Proximo
            Dan Rullo

            Samson,

            I have used the config settings in the zip package and that is why I have made the request.  It seems that there are inconsistencies in the formatting between examples.  When I format my settings as they are in some of the examples SFDC complains and rejects the view.  I just wanted to see if anyone had a working copy they could share.  My proximo url is present (by default it is not set to HTTPS so you have to change it manually.) Thanks for the tip about the logging.  I will check there next.  Should I be expecting to see the static IP from Proximo?

             

            Thanks

            • 3. Re: Sample settings for Trusted Auth using Proximo
              samson.kim

              Hey Dan,

               

              Actually, you want to leave the proximo URL alone so you may want to put it back to http.  Yes you should be expecting to see the static IP from Proximo along with the user request.  Which leads me to my next question.  Is your Tableau Server hosted on the cloud or is it accessible from the internet if it's on prem?  Your issue may be access.

              • 4. Re: Sample settings for Trusted Auth using Proximo
                Dan Rullo

                After some digging on my end.  It turns out that my Tableau server technically does not have a SSL certificate.  Our Load balancer has the SSL and that is how we are able to access it securely.  Could this be my issue?  I would think that many companies that are using SFDC and Tableau Server would likely also need a server load balancer.  

                • 5. Re: Sample settings for Trusted Auth using Proximo
                  samson.kim

                  Ah..  I see what you mean.  You're fine with the load balancer option.  There's a few pieces that may be needed to resolve via your load balancer solution.  Try this... in Heroku configure it to get trusted tickets to go via socks

                   

                  SPARKLER_TRUSTED_CLIENT:        SOCKS_PROXY 

                   

                  The default port is set to 1080 for communication.... to choose a different port you can set this variable...

                   

                  SPARKLER_TRUSTED_CLIENT_PROXY_PORT:  {PORT_NUMBER}

                   

                  Allow your firewall/load balancer to accept communication from that port and have it translate it back to port 80 back to Tableau Server. 

                   

                  Look at Tableau Server logs to see trusted ticket requests coming through.  You need to turn this feature on for Tableau Server... see the docs...

                   

                  You may need to configure your load balancer to add XFF header to pass in the real ip(Heroku server) instead of the load balancer IP when it makes the trusted ticket call to Tableau Server.

                  • 6. Re: Sample settings for Trusted Auth using Proximo
                    Dan Rullo

                    Thanks for following back up.  I was just about to post a question about the XFF Headers.  The Heroku server should be the proximo IP correct?