13 Replies Latest reply on Oct 6, 2016 11:04 AM by Hans Huisken

    ADFS 3.0 SAML not working

    Sam Hall

      I followed the steps in this guide to use SAML with a ADFS 3.0 IdP... Authenticating an External Tableau Server using SAML & AD FS

       

      However, Tableau doesn't start. Just a white page loads. This Tableau server is behind F5 LTM with SSL offload enabled such that https://tableau.mydomain.com ultimately terminates at http://tableauserver:8000. I don't know if this is causing the problem but there's nothing in the logs that indicates that to me.

       

      The other difference from what's suggested in The Information Lab guide is that I didn't use my client facing cert/key pair for SAML signing. I used a self signed cert/key pair instead, as I don't understand why you'd want to encourage anyone to proliferate the real SSL cert/key pairs if you can avoid it. SAML and ADFS certainly have no requirement for you to do so, I'd hope that Tableau hasn't introduced such a requirement. I did however ensure the common name matched (for whatever reason that suggestion was made).

       

      Does anyone have an F5 APM solution to SSO with Tableau? I tried configuring a simple NTLM SSO configuration and enabling "Auto Login" on Tableau, but that didn't work as it would for other NTLM enabled services such as Sharepoint. Basic Auth doesn't seem to be an option, and Forms Based is confounded by the amazingly complicated login form. Is there a simple HTTP Post login option for Tableau that I could use instead? I've yet to try a Kerberos config as I need a domain admin account to set it up apparently so I'll only go down that track if someone suggests it's a winner.

       

      Tableau\Tableau Server\data\tabsvc\logs\wgserver\wgserver-0 contains all this stuff...

      2015-10-28 15:54:01.083 +0930 localhost-startStop-1   WARN  : org.springframework.web.context.support.XmlWebApplicationContext - Exception encountered during context initialization - cancelling refresh attempt
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'samlFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:736)
           at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
           at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
           at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
           at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
           at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
           at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4994)
           at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5492)
           at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
           at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
           at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
           at java.util.concurrent.FutureTask.run(FutureTask.java:266)
           at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
           at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
           at java.lang.Thread.run(Thread.java:745)
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'samlFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1139)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1042)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 26 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:407)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:165)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 40 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1210)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 54 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:649)
           at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
           ... 62 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1210)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1120)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1044)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:606)
           ... 64 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:649)
           at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
           ... 75 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:275)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1139)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1042)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1120)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1044)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:606)
           ... 77 more
      Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
           at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:122)
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:267)
           ... 89 more
      Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
           at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
           at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
           at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
           at com.tableausoftware.domain.user.saml.TabKeyManager.getKeyStore(TabKeyManager.java:159)
           at com.tableausoftware.domain.user.saml.TabKeyManager.(TabKeyManager.java:99)
           at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
           at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
           at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
           at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
           at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
           ... 91 more
      2015-10-28 15:54:01.083 +0930 localhost-startStop-1   ERROR : org.springframework.web.context.ContextLoader - Context initialization failed
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'samlFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:736)
           at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
           at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
           at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
           at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
           at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
           at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4994)
           at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5492)
           at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
           at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
           at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
           at java.util.concurrent.FutureTask.run(FutureTask.java:266)
           at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
           at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
           at java.lang.Thread.run(Thread.java:745)
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'samlFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1139)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1042)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 26 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlFilter' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Cannot resolve reference to bean 'samlEntryPoint' while setting bean property 'filterChainMap' with key [Root bean: class [org.springframework.security.web.util.matcher.AntPathRequestMatcher]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:407)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:165)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 40 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlEntryPoint': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1210)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
           ... 54 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.SAMLEntryPoint.setMetadata(org.springframework.security.saml.metadata.MetadataManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:649)
           at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
           ... 62 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'metadata': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1210)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1120)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1044)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:606)
           ... 64 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.saml.metadata.MetadataManager.setKeyManager(org.springframework.security.saml.key.KeyManager); nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:649)
           at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
           ... 75 more
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keyManager' defined in URL [file:/D:/Program%20Files/Tableau/Tableau%20Server/data/tabsvc/config/wgserver/samlSecurityContext.xml]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:275)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1139)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1042)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
           at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
           at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
           at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
           at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
           at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1120)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1044)
           at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
           at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:606)
           ... 77 more
      Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.KeyStoreException: Cannot store non-PrivateKeys
           at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
           at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:122)
           at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:267)
           ... 89 more
      Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
           at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
           at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
           at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
           at com.tableausoftware.domain.user.saml.TabKeyManager.getKeyStore(TabKeyManager.java:159)
           at com.tableausoftware.domain.user.saml.TabKeyManager.(TabKeyManager.java:99)
           at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
           at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
           at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
           at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
           at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
           ... 91 more
      
        • 1. Re: ADFS 3.0 SAML not working
          Damien Lesage

          Hello,

           

          Concerning the self-signing key, this is not an issue. It works for us with ADFS 3.0.

           

          In the error, I can see you are using a non private key. Make sure you have a RSA or DPA private key file. The file should start with something like -----BEGIN RSA PRIVATE KEY-----.(see "Certificate Key File" in http://onlinehelp.tableau.com/current/server/en-us/help.htm#saml_requ.htm)

           

          To get this private key, you can use the following openssl command:

          openssl rsa -in [keyfile.key] -outform PEM -out [keyfile-rsa.key]

           

           

          Hope this helps,

          Damien.

          • 2. Re: ADFS 3.0 SAML not working
            Sam Hall

            Ok, I literally just took the Apache style PEM crt/key pair files and imported them thinking that's all that was required. I've checked and my key file starts with just "-----BEGIN PRIVATE KEY-----". Thanks for the advice, I'll try it out tomorrow when I'm back at work. Hope this works!

            • 3. Re: ADFS 3.0 SAML not working
              Sam Hall

              This worked like a charm, however I'm now having other dramas. Got some error pages trying to load http://hostname:8000, so I removed the reverse proxy/SSL Offload component but now after visiting AD FS, I end up on https://tableau.mydomain.com/#/error/saml/5 with no clues in any log files as to what it didn't like about the AD FS response.

               

              Thanks for your help, I might open a job to get some further advice on a recommended SSO solution that's going to work best in our environment.

               

              Update: Actually I found what my SAML problem is by checking the Event Logs on Tableau server. The current Claim Rules aren't sending any information about the user's Domain and the Tableau server is simply assuming it's own domain and not finding the user. I need to learn how to Claim Rules to overcome that hurdle, then work out what to do about the redirect to port 8000 (or hope it will never occur again once SAML configuration is correct).

              • 4. Re: ADFS 3.0 SAML not working
                Damien Lesage

                Glad it helped.

                 

                For information, you might have login error with old sessions because ADFS is configured by default with a max authentication age bigger than the default configuration of Tableau Server (12 hours on ADFS). The parameter is set to 12 hours on ADFS.

                 

                If this occurs, I advice that you change this parameters to avoid this:

                tabadmin set wgserver.saml.maxauthenticationage 43200
                tabadmin set wgserver.saml.maxassertiontime 43200
                

                 

                Damien.

                1 of 1 people found this helpful
                • 5. Re: ADFS 3.0 SAML not working
                  Sam Hall

                  Thanks for the additional advice.

                   

                  I came up with 3 Claim Rules that work for me. Tableau support pointed me at the documentation that explained the correct username format in order to include domain name. Here I've just hard coded it, which is good enough for now. It should also be possible to grab the domain dynamically too.

                   

                   

                  c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
                    => add(store = "Active Directory", types = ("aduser"), query = ";sAMAccountName;{0}", param = c.Value);

                   

                  c:[Type == "aduser"]
                    => issue(Type = "username", Value = c.Value + "@mydomain.com");


                  >c:[Type == "aduser"]
                    => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = c.Value + "@mydomain.com");

                   

                   

                  I configured all settings as recommended by Tableau for Reverse Proxy/ Load Balancer type configurations such as what we have, but nothing stopped that port 8000 redirect until I changed Tableau server port to run on port 80. That made it all much easier. Still then I added some logic on the F5 device to fix any redirects, ensuring the client stays on SSL. I also added some HSTS headers for even more assurance of keeping users on SSL. Make absolutely certain no redirects with hardcoded port numbers are hitting client browsers before enabling HSTS though, otherwise chaos ensues and you might need to explain to people how to manually clear their HSTS settings for the domain.

                  • 6. Re: ADFS 3.0 SAML not working
                    Tony Dellinger

                    Hi Damien,

                     

                    Regarding Tableau with SAML authentication to ADFS 3.0: Were there any changes to the instructions outlined in the Authenticating an External Tableau Server using SAML & AD FS  blog to get it to work? After following those instructions against an ADFS 3.0 server, we're getting an invalid username/password error from Tableau.

                     

                    Thanks,

                    Tony

                    • 7. Re: ADFS 3.0 SAML not working
                      Damien Lesage

                      Hello,

                       

                      I haven't heard about any change in configuration required. Actually, our configuration hasn't change between ADFS 2 and ADFS 3, being on Tableau Server 8.1 (version used in the blog post) or Tableau Server 9.3.

                       

                      If you have issue with SAML and ADFS, I'd advised you to open a new topic and paste your logs so we can understand the error you get better.

                       

                      Just to be sure, have you added the user in Tableau Server? You cannot login to a user that Tableau Server doesn't know.

                       

                      Damien.

                      • 8. Re: ADFS 3.0 SAML not working
                        Tony Dellinger

                        Hello,

                         

                        Yes, thanks for the reply. Yes, the user was added and verified to be able to log in before the SAML configuration was done.

                         

                        As far as logs, I set the wgserver.log for debug with the tabadmin command but the Tableau\Tableau Server\data\tabsvc\logs\wgserver folder is empty.

                         

                        Thanks,

                        Tony

                        • 9. Re: ADFS 3.0 SAML not working
                          Damien Lesage

                          With Tableau Server 9.3, the SAML logs might be located in another process logs. My best bet is VizPortal but I'm not sure.

                          • 10. Re: ADFS 3.0 SAML not working
                            Tony Dellinger

                            Damien,

                             

                            Can you tell me if the cert you’re using is SHA-1 or SHA-256 encrypted? I have reviewed our logs and matched the messages to article http://stackoverflow.com/questions/26134655/issues-while-integrating-adfs-with-spring-saml-extension.

                             

                            Our cert is SHA-256 encrypted and the ADFS 3.0 instance is expecting SHA-256. However, it appears that Tableau uses SAML 2.0 which can only support SHA-1.

                             

                            Thanks,

                            Tony

                            • 11. Re: ADFS 3.0 SAML not working
                              Sam Hall

                              Today I encountered the session age mismatch issue. Just wanted to thank you again Damien as the error logs didn't help one iota and I wouldn't have figured out what the issue was if you hadn't posted that pro-tip about maxauthenticationage and maxassertiontime.

                              • 12. Re: ADFS 3.0 SAML not working
                                Damien Lesage

                                You're welcome. Glad the information was useful.

                                • 13. Re: ADFS 3.0 SAML not working
                                  Hans Huisken

                                  First of all, Great work by Informationlab (Graig) on the blog how to configure SAML and the response here by Damien. Helped me a lot.

                                   

                                  Today i tested a SAML config in my lab as my customer was strugling with it.

                                  I'm using ADFS 3.0 (win2012r2) and TS 10.0.1. My certicates were ok, meaning sha-256 with a RSA key.

                                   

                                  While testing, after logging in on ADFS, Tableau showned 'Unable to sign in'.

                                  I saw an error in the event-viewer on the ADFS server, complaining about sha-1 and sha-256 encryption failure.

                                   

                                  I then changed the properties of 'Relying Party Trust' on the advanced tab, from sha-256 to sha-1.

                                  Immediatly after that change it worked, without restarting anything.

                                   

                                  To change tableau server to use sha256:

                                       tabadmin set wgserver.saml.sha256 true