6 Replies Latest reply on Aug 25, 2016 10:49 PM by Larsen Rennie

    SAML Authentication

    Larsen Rennie

      Hi All

       

      I have some doubts regarding SAML authentication. As per my understanding of SAML authentication, it means that the Service Provider and Identity Provider have established a trust relationship by setting up the required information, importing certificates, etc. at the time of setup.

       

      If I put it in a more practical way, suppose I am working in ABC company and we have set up Tableau Desktop and Tableau Server in my company for reporting purposes. So according to the definition of SAML, the service provider here is Tableau Software and the IDP is ABC.

       

      So when the user who works at company ABC tries to sign on to Tableau Server, if SAML is initiated by the Service Provider (which in this case is Tableau Software), it will send a request to the IDP (which is ABC company), and once the IDP verifies the user it sends a request back to the SP to provide access to the user to the secure environment.

       

      So I wanted to know from you whether my interpretation of SAML single sign-on is correct or not. I am a bit confused about this concept. I will be highly thankful to anybody who helps in clarifying this.

       

       

       

      Regards

      Larsen

        • 1. Re: SAML Authentication
          Matthias Goossens

          Hey Larsen,

           

          I have worked with SAML in combination with Tableau and my experience was the following:

           

          Tableau Server was enabled with SAML and worked in combination with Oracle Identity and Access Management.

          The company had multiple applications but didn't really want a separate login screen for each of the applications.

           

          That's where IAM came in: when you entered the URL of an application, you were forwarded to the login page of IAM.

          In case your credentials were correct and you were a user of the underlying application, access was granted.

           

          So I enter the URL of my Tableau server. The first thing I see is a login screen not belonging to Tableau Server. After I've provided my credentials I can be forwarded to Tableau Server.

           

          I hope this made it a bit more clear.

           

          Regards,

          Matthias

          • 2. Re: SAML Authentication
            Larsen Rennie

            Hi Matthias

             

            Here we are not using Oracle Identity Access Management. I am trying to understand SAML in layman's terms, like who is the Service Provider and who is the Identity Provider. I am looking for an example which is practically easy to understand.

            • 3. Re: SAML Authentication
              Matthias Goossens

              Hey Larsen,

               

              I will try to explain it with the same setup again but with the terms of Service Provider and Identity Provider.

               

              1. I enter the URL of my Tableau Server (Service Provider)

              2. Tableau receives an access request and is going to forward it to the Identity Provider. In my case this is the Oracle Identity and Access Management option

              3. This Identity Provider is going to request my username and password

              4. The Identity Provider sends a SAML SUCCESS to the Service Provider (Tableau)

              5. The user gets access to the Service Provider

               

               

              Hope this makes it more clear !

               

               

              Matthias
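
The five steps in the reply above, seen from the Service Provider's side, as an added example that is not part of the original thread and not Tableau's or Oracle's code: the SP builds the redirect to the IdP (step 2) and later checks the IdP's response before granting access (steps 4-5). The entity IDs, URLs, user name and sample response are constructed; verification of the XML signature against the IdP certificate and validity-window checks are assumed to happen first and are omitted.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed values; in practice SP and IdP exchange these as metadata at setup.
SP_ENTITY_ID = "https://tableau.abc.example/sp"
IDP_ENTITY_ID = "https://idp.abc.example/idp"
IDP_SSO_URL = "https://idp.abc.example/sso"

def build_redirect(request_id, issue_instant="2016-08-25T10:00:00Z"):
    """Step 2: the SP wraps an AuthnRequest in a redirect to the IdP login page."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    raw = zlib.compressobj(wbits=-15)  # HTTP-Redirect binding uses raw DEFLATE
    deflated = raw.compress(xml.encode()) + raw.flush()
    return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def sample_response(request_id, status=SUCCESS, audience=SP_ENTITY_ID):
    """Step 4, constructed: what the IdP posts back after the user logs in."""
    return (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" '
            f'InResponseTo="{request_id}" Version="2.0">'
            f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
            f'<saml:Assertion><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>user@abc.example</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'</saml:Assertion></samlp:Response>')

def validate_response(xml_text, expected_request_id):
    """Steps 4-5: return the user name to sign in, or raise ValueError."""
    # Assumed done before this point: XML signature check with the IdP certificate.
    root = ET.fromstring(xml_text)
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("response does not answer the request this SP sent")
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    assertion = root.find("a:Assertion", NS)
    if assertion is None or assertion.findtext("a:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion missing or not issued by the trusted IdP")
    audience = assertion.findtext("a:Conditions/a:AudienceRestriction/a:Audience", namespaces=NS)
    if audience != SP_ENTITY_ID:
        raise ValueError("assertion was issued for a different service provider")
    return assertion.findtext("a:Subject/a:NameID", namespaces=NS)
```
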

              • 4. Re: SAML Authentication
                Larsen Rennie

                Hi Matthias

                 

                This is helpful but I have one doubt. Suppose I am not using Oracle Identity and Access Management: are there other Identity Providers available, or is the one which you have mentioned the only Identity Provider? I am not aware of the backend process of how SAML works internally. Initially I was thinking the Identity Provider was the company Active Directory, which will authenticate users and send the request back to the Service Provider to give access to the Tableau Server.

                 

                One more thing: how can I check which identity software management suite my company is using for SAML?

                • 5. Re: SAML Authentication
                  Matthias Goossens

                  Hey Larsen,

                   

                  It's perfectly possible to use your Active Directory in combination with Tableau Server, but no SAML is required to set this connection up.

                  SAML is used with a separate access manager besides your Active Directory.

                   

                  Check out this link if you're looking for access management software options:

                  http://solutionsreview.com/identity-management/identity-management-solutions-directory/

                   

                   

                  Matthias

                  • 6. Re: SAML Authentication
                    Larsen Rennie

                    Thanks Matthias

                     

                    It was very helpful.