3 Replies Latest reply on Apr 14, 2017 1:26 AM by lenaic.ridinger

    SAML Single Logout - Supported by Site Specific SAML with Local Authentication?

    Zachary Parrott

      We currently have a locally hosted Tableau server running v10.2. We have an internal SAML 2.0 IdP that has been configured within Tableau using Site Specific SAML with Local Authentication.

       

      During login Tableau correctly hands off the authentication to the IdP which authenticates the user and creates the user's session in Tableau. The problem is when clicking sign out in Tableau it redirects to a Tableau logout page and there is never a SAML request sent to the IdP. The session within Tableau is correctly destroyed but the session with the IdP remains. In the site specific SAML configuration in Tableau it notes that the IdP supports Single Logout under the IdP metadata import section. I also verified that the POST binding for Single Logout is present in the IdP metadata that was imported into Tableau.

       

      When I change Tableau's configuration to use Site Wide SAML authentication the Single Logout works as I would expect and correctly sends the request to the IdP when clicking Sign Out. Is SAML Single Logout not supported in Site Specific SAML with Local Authentication?

       

      I read through a lot of documentation and forum posts with no luck in finding any specifics. Has anyone ran into such a scenario?

       

      Thanks.