Huh. Never noticed that setting -- I'll give it a go and see if it is satisfactory.
no problem. let me know if it works.
Would this work for the following scenario?
We have an older version of Siteminder. We want to use code to read the http header to enable SAML through Siteminder until we can upgrade to 12.5, which is the supported Siteminder to enable SAML in Tableau. If we could customize the HTTP header we believe the code we have in place for other applications could be used for Tableau.
Does that question make sense?
I can confirm that this approach works well.
For anyone else reading: setting the clickjacking defense option via tabadmin does NOT set the X-Frame-Options header. Instead, it injects pages with a framekiller script.
From some cursory reading, it would appear that the latter approach is generally preferred as it is more cross-browser.
SAML in Tableau requires an HTTP-POST Assertion in response to an SP Initiated POST Request.The request is signed and the Assertion must be signed. I cannot see how you would do a SAML authentication with Headers alone.