1 Reply Latest reply on Aug 26, 2016 4:43 PM by diego.medrano

    OpenID Connect with Azure AD - Unable to sign in

    Alex Batchinski

      Hi!

       

      I've been trying to make auth using OpenID Connect to work for a couple of days now, no luck. So, I setup OIDC (OpenID Connect) in Tableau, I setup Azure AD (registered tableau as an app) and when I open my http://tableau-url I get redirected to Azure auth page. I sign in with Azure and then I get redirected to Tableau page saying 'signing in...', and then I get an error 'Unable to sign in'.

       

      Ok, I turn on logging in DEBUG mode for vizportal. And here's what I see in it:

       

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getServerSettingsUnauthenticated

      DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getServerSettingsUnauthenticated' received

      DEBUG org.hibernate.SQL - select languagepr0_.language_id as language1_52_, languagepr0_.display_name as display_2_52_, languagepr0_.display_order as display_3_52_, languagepr0_.help_link as help_lin4_52_, languagepr0_.locale_id as locale_i5_52_ from language_prefs languagepr0_ where languagepr0_.language_id=?

      DEBUG org.hibernate.SQL - select globalsett0_.id as id1_24_, globalsett0_.created_at as created_2_24_, globalsett0_.updated_at as updated_3_24_, globalsett0_.default_value as default_4_24_, globalsett0_.description as descript5_24_, globalsett0_.friendly_name as friendly6_24_, globalsett0_.hidden as hidden7_24_, globalsett0_.name as name8_24_, globalsett0_.setting_type as setting_9_24_, globalsett0_.sort_num as sort_nu10_24_, globalsett0_.value as value11_24_ from global_settings globalsett0_ where globalsett0_.name in (?)

      DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en into en

      DEBUG org.hibernate.SQL - select globalsett0_.id as id1_24_, globalsett0_.created_at as created_2_24_, globalsett0_.updated_at as updated_3_24_, globalsett0_.default_value as default_4_24_, globalsett0_.description as descript5_24_, globalsett0_.friendly_name as friendly6_24_, globalsett0_.hidden as hidden7_24_, globalsett0_.name as name8_24_, globalsett0_.setting_type as setting_9_24_, globalsett0_.sort_num as sort_nu10_24_, globalsett0_.value as value11_24_ from global_settings globalsett0_ where globalsett0_.name in (?)

      DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en_US into en_US

      INFO  com.tableausoftware.api.webclient.remoting.LocalizationInfoParameterProvider - Language: 'en', locale: 'en_US'

      INFO  com.tableausoftware.api.webclient.remoting.SimpleRemoteCallProxy - WebClient API: Calling getServerSettingsUnauthenticated

      DEBUG org.hibernate.SQL - select globalsett0_.id as id1_24_, globalsett0_.created_at as created_2_24_, globalsett0_.updated_at as updated_3_24_, globalsett0_.default_value as default_4_24_, globalsett0_.description as descript5_24_, globalsett0_.friendly_name as friendly6_24_, globalsett0_.hidden as hidden7_24_, globalsett0_.name as name8_24_, globalsett0_.setting_type as setting_9_24_, globalsett0_.sort_num as sort_nu10_24_, globalsett0_.value as value11_24_ from global_settings globalsett0_ where globalsett0_.name in (?)

      DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en into en

      DEBUG org.hibernate.SQL - select globalsett0_.id as id1_24_, globalsett0_.created_at as created_2_24_, globalsett0_.updated_at as updated_3_24_, globalsett0_.default_value as default_4_24_, globalsett0_.description as descript5_24_, globalsett0_.friendly_name as friendly6_24_, globalsett0_.hidden as hidden7_24_, globalsett0_.name as name8_24_, globalsett0_.setting_type as setting_9_24_, globalsett0_.sort_num as sort_nu10_24_, globalsett0_.value as value11_24_ from global_settings globalsett0_ where globalsett0_.name in (?)

      DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en_US into en_US

      DEBUG org.hibernate.SQL - select globalsett0_.id as id1_24_, globalsett0_.created_at as created_2_24_, globalsett0_.updated_at as updated_3_24_, globalsett0_.default_value as default_4_24_, globalsett0_.description as descript5_24_, globalsett0_.friendly_name as friendly6_24_, globalsett0_.hidden as hidden7_24_, globalsett0_.name as name8_24_, globalsett0_.setting_type as setting_9_24_, globalsett0_.sort_num as sort_nu10_24_, globalsett0_.value as value11_24_ from global_settings globalsett0_ where globalsett0_.name in (?)

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/getServerSettingsUnauthenticated with status 200

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/recordNavigationTiming

      DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'recordNavigationTiming' received

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getSessionInfo

      INFO  com.tableausoftware.api.webclient.remoting.SimpleRemoteCallProxy - WebClient API: Calling recordNavigationTiming

      DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getSessionInfo' received

      INFO  com.tableausoftware.core.util.CSRFUtils - No xsrf cookie was found in request. Cookie invalid.

      INFO  com.tableausoftware.api.webclient.remoting.AuthenticatedUserParameterProvider - WebClient: called API method has parameter of IAuthenticatedUser type, but when called there was no logged in user. Responding with 'InvalidSessionException'.

      DEBUG com.tableausoftware.core.util.RemoteIP - Found header https in X_FORWARDED_PROTO

      INFO  com.tableausoftware.api.webclient.WebClientApiController - com.tableausoftware.domain.exceptions.InvalidSessionException: Session not found. (errorCode=46)

      DEBUG org.hibernate.SQL - select startupinf0_.id as id1_81_, startupinf0_.level as level2_81_, startupinf0_.module as module3_81_, startupinf0_.value as value4_81_ from startup_infos startupinf0_ where startupinf0_.module=?

      INFO  com.tableausoftware.api.util.NavigationTimingRecorder - Page load times (ms): {"endToEnd":1821,"requestStartToOnLoad":546,"requestStartToDomContentLoaded":504,"redirect":0,"appCache":0,"dns":0,"connect":188,"secureConnect":0,"request":205,"response":8,"dom":341}

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/recordNavigationTiming with status 200

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/getSessionInfo with status 401

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/auth/openId

      DEBUG com.tableausoftware.core.util.RemoteIP - Found header https in X_FORWARDED_PROTO

      DEBUG com.tableausoftware.core.controller.RelativeRedirectFilter - Redirect location "https://login.windows.net/[guid]/oauth2/authorize?response_type=code&client_id=d33aa1b6-51db-4fc2-9342-e75ebf1d23b1&redirect_uri=https%3A%2F%2Fouttableauserver.com%2Fvizportal%2Fapi%2Fweb%2Fv1%2Fauth%2FopenIdLogin&scope=openid+email+profile&state=path%3D%2F%26XSRF-TOKEN%3DFYYUkxENaTQKzNLtaXCH9LilgBZRKMti&nonce=lBGaAk3MiVc" is already absolute

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/auth/openId with status 302

      INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getSessionInfo

      DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getSessionInfo' received

      DEBUG com.tableausoftware.core.util.CSRFUtils - Cookie validation for XSRF successful.

      DEBUG com.tableausoftware.core.user.SessionCookieResolver - Session Id  was found in the request. Proceeding to validate.

      DEBUG org.hibernate.SQL - select session0_.id as id1_75_, session0_.created_at as created_2_75_, session0_.data as data3_75_, session0_.session_id as session_4_75_, session0_.updated_at as updated_5_75_, session0_.user_id as user_id8_75_, session0_.shared_vizql_write as shared_v6_75_, session0_.shared_wg_write as shared_w7_75_ from sessions session0_ where session0_.session_id=?

      DEBUG com.tableausoftware.model.workgroup.Session - No Session was passed in

      DEBUG com.tableausoftware.core.user.SessionCookieResolver - Session Id  was expired or invalid.

      DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

      INFO  com.tableausoftware.core.util.CSRFUtils - No authenticated user was found from request (non oauth).

      DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

      DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

      INFO  com.tableausoftware.api.webclient.remoting.AuthenticatedUserParameterProvider - WebClient: called API method has parameter of IAuthenticatedUser type, but when called there was no logged in user. Responding with 'InvalidSessionException'.

      DEBUG com.tableausoftware.core.util.RemoteIP - Found header https in X_FORWARDED_PROTO

      INFO  com.tableausoftware.api.webclient.WebClientApiController - com.tableausoftware.domain.exceptions.InvalidSessionException: Session not found. (errorCode=46)

       

      I highlighted the most important lines in my opinion. Why is it dropping this session?

       

      Anyway, how to fix this? Any hints?

       

      Thanks, Alex