3 Replies Latest reply on Mar 24, 2015 1:32 PM by Hugh Nguyen

    Configure trusted auth

    Gopinath Srirangan


      What are the steps involved in configuring trusted auth for Tableau Server with proxies and a load balancer?


      From step 3 in configuring trusted in admin user guide

      tabadmin set wgserver.trusted_hosts "webserv1, webserv2, webserv3"  doesn't work with actual web server but works fine for

      tabadmin set wgserver.trusted_hosts "proxy1, proxy2, proxy3"

      From Step 4

      4. If you have one or more proxy servers between the computer that is requesting the trusted ticket (one of those configured in step 2, above) and Tableau Server, you also need to add them as trusted gateways. See Configure Tableau to Work with a Proxy Server for steps.

      After following the steps in "Configure Tableau to work with a proxy server" I'm still not able to get an auth ticket.

      I couldn't find the command tabadmin set wgserver.trusted_hosts "proxy1, proxy2, proxy3"   in Configure Tableau to Work with a Proxy Server.

      After "Adding Load balancer" it worked.

      "Configuring Load Balancer" is not tied to "configuring trusted auth" the way the proxy is.


      Through trial and error I got trusted auth to work. Is there anything I missed?

        • 2. Re: Configure trusted auth
          Gopinath Srirangan

          Hi Raj,

          Yes, I tried all those steps and it doesn't work unless I try tabadmin set wgserver.trusted_hosts "proxy1, proxy2, proxy3". From Tableau support:


          The recommended way is first setting up the proxy and load balancer for the Tableau Server, then set up the trusted hosts by using "tabadmin set wgserver.trusted_hosts" command. Please note that:


          1. All the IPs along the route of the user request, including the proxy IP and load balancer IP, need to be added as trusted hosts.
          2. Since every time the "tabadmin set wgserver.trusted_hosts" command runs it will replace the previous trusted hosts, all hosts must be added in 1 command.




          My question is:

          Question 1:

          The steps given in http://onlinehelp.tableau.com/current/server/en-us/help.htm#trusted_auth_trustIP.htm
          are for configuring trusted auth, and proxy setup is in step 4. But the
          recommendation given for this case is "recommended way is first setting up the
          proxy and load balancer for the Tableau Server, then set up the trusted hosts
          by using "tabadmin set wgserver.trusted_hosts" command". So should I
          start with setting up load balancer, proxy and trusted auth, and when setting up
          trusted auth, should I skip step 4 in http://onlinehelp.tableau.com/current/server/en-us/help.htm#trusted_auth_trustIP.htm?



          The tabadmin command looks similar for setting up the load
          balancer and the proxy. If setup starts with the load balancer and then the proxy, all
          LB settings are overridden with the proxy's. Is that recommended? If so, why should I
          start setting up the load balancer first and then the proxy?

          This process didn't work, and only the attempt with setting the
          load balancer worked, with tabadmin set wgserver.trusted_hosts "proxy1,
          proxy2, proxy3".





          • 3. Re: Configure trusted auth
            Hugh Nguyen

            Hi Gopi,


            I think it makes sense that adding the proxies to wgserver.trusted_hosts works because the requests will look like they are coming from the proxy.


            A couple of things to note:

            1. wgserver.trusted_hosts setting is not used with proxy/load balancer. Proxy/Load balancers use the settings, gateway.trusted and gateway.trusted_hosts.
            2. Load balancer is just a type of proxy.


            To answer your questions:

            1. I think Tableau Technical Support simply meant to say proxy "OR" load balancer. I think it makes logical sense to configure the proxy or load balancer to work with Tableau Server before setting up trusted auth, but order of operation shouldn't matter. What matters is that the proxy/load balancer is set up before attempting to request a trusted ticket.
            2. The set up for load balancer and proxy are essentially the same because like previously mentioned, a load balancer is just a type of proxy. So like you observed, this should only need to be done once.


            Question for you though:

            1. Are you saying that even after properly setting up for proxy/load balancer and trusted auth, you are unable to request/redeem a ticket until you have set tabadmin set wgserver.trusted_hosts "proxy1, proxy2, proxy3"?


            If you haven't set up the proxy/load balancer, I suggest doing that first and then set up trusted auth withOUT setting wgserver to trust the proxy, but instead it should trust the webserver ip addresses. Then see if that works.
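
Added example, not part of any post in this thread and not Tableau's code: a simplified Python model of the point made in reply 3, that requests arriving through a proxy appear to come from the proxy unless the proxy is declared as a trusted gateway. The function names, the X-Forwarded-For handling and the addresses are assumptions made for illustration.

```python
import ipaddress

def effective_client(peer_ip, xff_header, trusted_gateways):
    """Address the trusted-host check is applied to (hypothetical model)."""
    gateways = {ipaddress.ip_address(g) for g in trusted_gateways}
    peer = ipaddress.ip_address(peer_ip)
    if peer not in gateways:
        # Not a known gateway: X-Forwarded-For is client-controlled, ignore it.
        return peer
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left, skipping hops that are themselves trusted gateways.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed header: fall back to the direct peer
        if addr not in gateways:
            return addr
    return peer

def may_request_ticket(peer_ip, xff_header, trusted_hosts, trusted_gateways):
    """True if the resolved requester is in the trusted-host list."""
    allowed = {ipaddress.ip_address(h) for h in trusted_hosts}
    return effective_client(peer_ip, xff_header, trusted_gateways) in allowed

# Constructed addresses for illustration only.
WEB, PROXY, OTHER = "10.0.1.10", "10.0.2.20", "10.0.9.99"

if __name__ == "__main__":
    # Proxy not declared as a gateway: the web server is seen as the proxy.
    print(may_request_ticket(PROXY, WEB, [WEB], []))          # False
    # Workaround from the thread: trust the proxy itself. Works, but every
    # host that can reach the proxy is now trusted too.
    print(may_request_ticket(PROXY, OTHER, [PROXY], []))      # True
    # Proxy declared as a gateway, only the web server trusted.
    print(may_request_ticket(PROXY, WEB, [WEB], [PROXY]))     # True
    print(may_request_ticket(PROXY, OTHER, [WEB], [PROXY]))   # False
```

In this model, listing the proxies as trusted hosts makes ticket requests succeed only because the trust boundary has moved from the web servers to everything behind the proxy.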