Hello Dillon Scaduto,
I guess you added a port to your client URLs in your client settings tab.
root url: https://demo.server.biz:443/cxf
Just remove the port
root url: https://demo.server.biz/cxf
The same goes for
Valid Redirect URIsand
Let me know if it helps!
Here is a screen shot of my IdP config, I took into account the changes you suggested Lenaic.
There are no ports listed in the config. right now Tableau is running on port 80, and Keycloak is running on 8180. TS02413 is the same as localhost. so the two valid redirect URLs may be redundant, I'm not sure.
Mines were an example.
Indeed, you do not have any port listed here.
Does this work if you apply this trick to: vizportal.openid.config_url: http://localhost:8180/auth/realms/demo/.well-known/openid-configuration?
The error message means that the parameter you're passing does not match your Callback URL in your application settings.
Any help from the community here would be appreciated.
Have you already experienced and solved this issue? We value your help!
Lénaïc RIÉDINGER, Global Community Engineer Tableau
If you see an Helpful or Correct response, please mark it thanks to the buttons below the targeted post!
When I remove the port from the Tableau config I end up with a generic errors error that looks like this
The identity provider configured for OpenID Connect could not be reached. For help, contact your Tableau Server administrator.
The tab admin log file doesn't provide any useful information. In fact this error isn't documented in the logs at all .
Besides changing port numbers, I have also tried a number of different URLs for the vizportal.openid.config_url setting. I have also opened a ticket with this because the tableau documentation doesn't even discuss these errors. I have also been in contact with Keycloak in hopes that they can provide more information about configuring their own product.
Additionally, OpenID is not a requirement and SAML is an option. So yes I have a work around (maybe, I haven't actually tried it yet), but OpenID should work nonetheless.
The redirect URL that will be provided to your IdP by Tableau Server will be formed like the following: http://TS02413/vizportal/api/web/v1/auth/openIdLogin (assuming http://TS02413/ is the tableau server URL)
The full redirect URI that needs to be provided to your IdP can be found in the OpenID Connect tab of the Tableau Server Configuration application. (Bottom box in screenshot below)
Please add "http://TS02413/vizportal/api/web/v1/auth/openIdLogin" to your IdPs Valid Redirect URIs. It is likely that your IdP does not allow the use of a wildcard in the redirect URI and is failing to make a valid match due to this.
Hopefully this will allow you to overcome the current error.
I got on the phone with Tableau support directly and they helped me debug this.
I don't remember the solution but it has nothing to do with Tableau. It was my own mistake with the IdP configuration
1 of 1 people found this helpful
I was actually the person James brought onto your call with Tableau Support to assist.
We were able to solve the problem by re-configuring the IdP to allow a different redirect URI. There were a few other factors that were also specific to your configuration, those don't need to be discussed here as they will vary for each environment.
Either way, I'm glad we were able to resolve the issue!