We generated the .csr and .key files mentioned and sent them over to our SAML team. They then sent us back the .crt and .key files.
1 of 1 people found this helpful
I did figure out the way to generate the .crt file as well
Here are the steps and commands to generate all 3 files. This worked for me.
Steps to Generate Certificate File and Key File for 10.1 version:
1. Set Open SSL Config using this command: (Optional)
set OPENSSL_CONF=c:\Program Files\Tableau\Tableau Server\<version>\apache\conf\openssl.cnf
2. Navigate to C:\Program Files\Tableau\Tableau Server\<version>\apache\bin
.Key File: openssl.exe genrsa -out <yourcertname>.key 4096
3. .csr File: openssl.exe req -new -key yourcertname.key -out yourcertname.csr
add -config ..\conf\openssl.cnf at the end if you do not set the OPEN SSL config
4. .crt File: openssl.exe x509 -req -days 1825 -in devcert.csr -signkey devcert.key -out devcert.crt
We are trying to Implement SSO using OKTA for Tableau Server version 2019.1.2 in a Single node in DEV Environment . At present we are using 2018.1 in PROD environment that is SSO integrated using OKTA. But when I upgraded from 2018.1 to 2019.1.2 SAML SSO got broken in DEV. I have followed Sandeep's instruction as follows for 2019.1.2 version:
cd C:\Program Files\Tableau\Tableau Server\packages\apache.20191.19.0321.1733\bin
set OPENSSL_CONF=C:\Program Files\Tableau\Tableau Server\packages\apache.20191.19.0321.1733\conf\openssl.cnf
openssl.exe genrsa -out tabdev.key 4096
openssl.exe req -new -key tabdev.key -out tabdev.csr
openssl.exe x509 -req -days 1825 -in tabdev.csr -signkey tabdev.key -out tabdev.crt
I am getting "Unable to Sign In Invalid Username or Password" . Is any of you already implemented OKTA SSO for Tableau Server version 2019.1.2 ? Please help me with the steps to generate SAML .cert file and .key file . Okta gives a metadata.xml file that has <md:KeyDescriptor use="signing">...</md:KeyDescriptor> tags, and within this tags there is X509 Certificate. This metadata is uploaded in TSM interface. Do we have to do anything with this Certificate. In previous version (2018.1) I have used that in *.pam file and SSO is working . In 2019.1.2 version that doesn't work, even we converted that to *.pem file but still unsuccessful for SSO integration.
If anyone has done it please help.
Razzakul Chowdhury (Raz)