7 Replies Latest reply on Aug 21, 2016 2:50 AM by Russell Christopher

    SSO - Tableau Server as IDP

    Ameya Kandalkar

      Hi,

       

      I have a use case. I have a PHP admin portal built in Laravel framework. I have a Tableau server hosted on EC2. I want user to visit the admin portal which will take user to Tableau login page(if not logged in to Tableau) validate the user with tableau user database and return the response.

       

      I have few questions, some of them are quite obvious but I just want to confirm it.

       

      1. In the above mentioned use case admin portal will be SP, right?
      2. In the above mentioned use case Tableau server will be an IDP, right?
      3. Can we use/configure  Tableau server as IDP? and How?

       

      It would be a great help if you answers these question and a bit explanation for question 3.

       

      Thanks in advance,

      Paresh (kendreparesh@gmail.com)

        • 1. Re: SSO - Tableau Server as IDP
          Derrick Austin

          Hey Paresh,

           

          It sounds like you are referring to a SAML setup. Tableau does not function as an IdP in that manner.

          (Tableau could be used as an identity provider using the REST API, but not in a page forward type manner, it would be through backend REST calls.)

           

          Tableau will, however, consume a third party IdP - so you could setup your Tableau instance to use SAML and use the same SAML setup on your administrative pages.

           

          Hope this helps!

          - Derrick

          • 2. Re: SSO - Tableau Server as IDP
            Ameya Kandalkar

            Hi Derrick,

             

            Thank you for your reply.

             

            (Tableau could be used as an identity provider using the REST API, but not in a page forward type manner, it would be through backend REST calls.)

            Could you please explain how we can do this.

             

            My use case is, Tableau is going to have the user management, and the users of admin portal will use the user name created on Tableau server (I don't want to explore Tableau to end users). Users will enter the username and password on admin portal which will get crosschecked with Tableau server and allows them to login or deny the access to admin portal. After login I am going to display the tableau dashboards only using either iframe or embed code.

             

            Please help

             

            Paresh (kendreparesh@gmail.com)

            • 3. Re: SSO - Tableau Server as IDP
              Derrick Austin

              Hey Paresh,

               

              Here is the documentation on the REST API login: https://onlinehelp.tableau.com/current/api/rest_api/en-us/help.htm#REST/rest_api_ref.htm#Sign_In

              You'll have to pass the credentials through to Tableau using a backend API call, then Tableau will validate and return a success/failure.

              • 4. Re: SSO - Tableau Server as IDP
                Ameya Kandalkar

                Hi Derrick,

                 

                Thanks you for pointing to right direction.

                I am able to call the REST API and get the access token.

                 

                My question is, can we view the tableau dashboard/workbooks in admin portal using the API. Currently I am using the embed code to embed the tableau dashboard in the admin portal. If API is not able to do the same, what is the alternate solution for this.

                 

                -Paresh

                • 5. Re: SSO - Tableau Server as IDP
                  Ameya Kandalkar

                  I have created a token using the REST API and tried to pass the token to the embed code like follow

                   

                  <param name="ticket" value="UHu5YzBKJLbv7vDk5rXFbEdUXT30kFWC" />

                   

                  . However I am getting the error saying

                  • Could not locate unexpired trusted ticket UHu5YzBKJLbv7vDk5rXFbEdUXT30kFWC

                   

                   

                  The token is created for default site (<site contentUrl="" />) and the I am trying to render a view of default site

                  (<param name='site_root' value='' />)

                   

                  Can you please advice.

                   

                  -Paresh (kendreparesh@gmail.com)

                  • 6. Re: SSO - Tableau Server as IDP
                    Ameya Kandalkar

                    Hi Derrick,

                    Thanks a lot for your responses.

                     

                    This is how I have solved this puzzle.

                     

                    Trusted Authentication is a key over here (How Trusted Authentication Works )

                    I followed this post (Trusted Authentication ) and it worked for me.

                     

                    Step 1. I have opend the command prompt of Tableau server. Fired following set of commands and added my PHP server's IP address(172.16.1.222) in the Trusted IP address list. (My PHP server has a webpage in which I want to embed the Tableau dashbaord, since php server's IP address)

                     

                    Cd E:\Tableau Server\9.3\bin

                    E:\Tableau Server\9.3\bin:\>tabadmin stop

                    E:\Tableau Server\9.3\bin:\>tabadmin set wgserver.trusted_hosts "172.16.1.222"

                    E:\Tableau Server\9.3\bin :\>tabadmin configure

                    E:\Tableau Server\9.3\bin:\>tabadmin start

                     

                    Step 2: Create php file on PHP server which will do 2 things, 1. get the "ticket" from the tableau server and 2nd embed the tableau dashbaord

                    Here is a code snippet

                    <?php

                    $username = "pkendre"; // tableau server user with Interactor site role

                    $password = "pkendre"; // password of tableau user

                    $sitename = ""; // blank for default

                    $URL = "http://172.16.1.233"; // my tableau server ip address

                    $remote_addr = "172.16.1.222"; // my php servers ip address

                     

                        function get_trusted_ticket($URL, $username, $server){

                     

                        //extract data from the post

                        //extract($_POST);

                     

                        //set POST variables

                        $url = $URL.'/trusted';

                     

                        $fields_string ='trusted_site=&username='.$username;

                      

                        //open connection

                        $ch = curl_init();

                     

                        //set the url, number of POST vars, POST data

                        curl_setopt($ch,CURLOPT_URL, $url);

                        curl_setopt($ch,CURLOPT_POST, 1);

                        curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

                     

                        //execute post

                        $token =  curl_exec($ch);

                        //return $token; // FOR SOME REASON, IF I UN COMMENT THIS LINE MY CODE DOES NOT WORK

                     

                        //close connection

                        curl_close($ch);

                        }

                    ?>

                    <!DOCTYPE html>

                    <html>

                        <head>

                            <title>Tableau - Dashboard</title>       

                            <script src="http://172.16.1.233/javascripts/api/tableau-2.js"></script>                    

                        </head> 

                        <body>

                            <div >         

                                <div id="tableauViz" >

                                    <script type='text/javascript' src='http://172.16.1.233/javascripts/api/viz_v1.js'></script>

                                    <div class='tableauPlaceholder' style='width: 1004px; height: 836px;'>

                                        <object class='tableauViz' width='1004' height='836' style='display:none;'>

                                            <param name='host_url' value='http%3A%2F%2F172.16.1.233%2F' />

                                            <param name='site_root' value='' />

                                            <param name='name' value='TABLEAU_PROJ_NAME/Dashboard1' />

                                            <param name='tabs' value='no' />

                                            <param name='toolbar' value='yes' />

                                            <param name='showShareOptions' value='false' />

                                             <param name="ticket" value="<?php echo get_trusted_ticket($URL, $username, $remote_addr); ?>" />

                                        </object>

                                    </div>

                                </div>

                            </div>

                        </body>

                    </html>

                     

                    Hope this may help.

                     

                    I am using Tableau Server (Trial version).

                     

                    -Paresh (kendreparesh@gmail.com)

                    • 7. Re: SSO - Tableau Server as IDP
                      Russell Christopher

                      I think you've discovered this, but a Token != a Trusted Ticket. They are two different things

                       

                      You generate a Trusted Ticket by hitting /trusted with a POST, you get a Token via the REST API.