2 Replies Latest reply on Oct 17, 2016 8:31 AM by Obed Tsimi

    Tableau Server 9.2 SAML problem

    emanuele.deangelis

      Hi all,

      i'm using Tableau Server 9.2 and i configured SAML authentication with picketlink Idp.

      I have a problem about POST Binding: when i try to contact tableau server, it redirect me to Idp login page, after i'm logged in with valid user name and password, nothing happened, i stay in the landing page and post vs tableau not work.

      I debug saml request that tableau server sent to Idp and seems wrong:

       

      10:00:24,577 DEBUG [org.picketlink.common] (http-/134.44.29.28:8680-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      10:00:25,634 DEBUG [org.picketlink.common] (http-/134.44.29.28:8680-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      10:00:25,734 DEBUG [org.picketlink.common] (http-/134.44.29.28:8680-2) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      10:00:25,788 DEBUG [org.picketlink.common] (http-/134.44.29.28:8680-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      Can you help me to resolve this issue? How can debug? How can check if i have an error in the tableau configuration?

      Thanks

        • 1. Re: Tableau Server 9.2 SAML problem
          emanuele.deangelis

          This is a SAML token generate when call a tableau URL:

           

          <?xml version="1.0" encoding="UTF-8"?>

          <saml2p:AuthnRequest AssertionConsumerServiceURL="https://TABLEAUSRV/wg/saml/SSO/index.html"

              Destination="https://134.44.29.28:9043/erm-idp" ForceAuthn="false"

              ID="a1gdefh18dgef09i5a448g16gd8gf5d" IsPassive="false" IssueInstant="2016-10-16T17:20:56.826Z"

              ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"

              xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">

              <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://TABLEAUSRV</saml2:Issuer>

              <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

                      <ds:Reference URI="#a1gdefh18dgef09i5a448g16gd8gf5d">

                          <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                          <ds:DigestValue>RWDyiBhlAqRKCOch6f8Xe9eBgMY=</ds:DigestValue>

                      </ds:Reference>

                  </ds:SignedInfo>

                  <ds:SignatureValue>GC38zoynoemcTYZogpR6EsCgMxHFs9eQe+/zjauBPU6uy7SYcHg5D0FBiYckxEGLTf8UsrK72UTNV16fp0Bv6e+MYXsxWuNMPj+ZUHNSWCcGsOMCQ6lT9lcFXW44xN9CJCdt+sM/uefKX9wzayA/BlXdK0PxNLwDMnYKEhHkctF1lYSwRWRBST60ojzTIDLSQTlpmHE2/+V44oVdxV/b03RNVUZrlxYtniEhAl+hw0Yxe3kq5VLooEl/pB0EgUZyrnxXtJ6lXk3PE2sjPbOVuL1vN1YRnWXpOiom0dgKqzCOdhzXsyq6en8SdNeppKQuY6p0LHGjhkmWFleZ1LcxpQ==</ds:SignatureValue>

                  <ds:KeyInfo>

                      <ds:X509Data>

                          <ds:X509Certificate>MIIDNTCCAh0CAR0wDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCSVQxDjAMBgNVBAgTBUl0YWx5

                              MQ0wCwYDVQQHEwRSb21lMQ0wCwYDVQQKEwRDZm1zMQ4wDAYDVQQLEwVGcmF1ZDETMBEGA1UEAxMK

                              d3d3LmhwLmNvbTAeFw0xNjEwMTQxMDQ5MTBaFw0xODEwMTQxMDQ5MTBaMGExCzAJBgNVBAYTAklU

                              MQ4wDAYDVQQIEwVJVEFMWTENMAsGA1UEBxMEUk9NRTEMMAoGA1UEChMDSFBFMRAwDgYDVQQLEwdU

                              QUJMRUFVMRMwEQYDVQQDEwpUQUJMRUFVU1JWMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC

                              AQEAq/3Z5s8X618PJ8q9DggUtIvhSUsrFbMda7iCliQmYmNSlEo+briCixuRl0R2ffigsia4OHP2

                              ZpQv/2jVTHQ6rYHwlEq586QxIB/LnVOnlbka4qnlkwWIdlkEokLbV4PRIZ7QjXz7l8YxMUCYNQBR

                              oeANqSfi1qwxvHRdQRIeqWzCNhXf6KzpitNL1UhDBtTe6t2C5IMroAHCz0BL7oaGrNVQWbUrDInj

                              wIp8kQ3n2066K9gKrj4xqpanrrNQsusnhqZmeT2tm4o7hNgnFGjpe/XtgRR/7Wj+aYG9x5IjKRjE

                              6N1cQwcSfCzjDs0NdEqD9j2WZm6cpeD/rSn8h5DyFQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBM

                              iVw0vNFMnsXLfdauXJFJZUc9tmygePxM3fX/GBeNBLA18syJqKpHnTDum1RsPMMpgrzzZRBsz3pp

                              aDcJ7ibq2mYyHucVlLKGGcYT9FX4C7kRwyinmGK/A14E6a+gUCAMLDsoY+pzDWgvYD06ljEUA/uo

                              HvhL4/If2sbnTBGa8zPQ+5AA+QqAzU5h54lt71bQoXmw6ldnJNHYg4AHrmJEP+qf/jztAqoRW+dF

                              L4wd+E8Z8521AQ7Fr11jMOqVJjIGKYF9/UGR8lxWDgKOwWLGLPq/gqnfZLKNyaZXgeX4xNvBkNpj

                              D3eps4BL0sRau2OL5fKu2B0a9OsEwkqkaajJ</ds:X509Certificate>

                      </ds:X509Data>

                  </ds:KeyInfo>

              </ds:Signature>

          </saml2p:AuthnRequest>

          • 2. Re: Tableau Server 9.2 SAML problem
            Obed Tsimi

            To get more information for SAML issues in the logs, debug needs to be turned on as well. To do so, follow steps in article below.

             

            http://onlinehelp.tableau.com/current/server/en-us/help.htm#logs_debug_level.htm

             

            Troubleshoot SAML