1 Reply Latest reply on Aug 23, 2017 8:33 AM by Toby Erkson

    SAML your Server

    Sylvain Cogné

      Hello Tableau People,


      I am currently working on the SAML configuration of our Tableau Server and we are facing the issue that the site-specific configuration using OneLogin as IdP is not working... I was able to make it work for the server-wide SAML option or even using Tableau Online, but as soon as I switch it to a site-specific configuration on Tableau Server, my SAML users are not able to connect anymore. The log analysis gives us an error due to the signature of the message inside the protocol. According to OneLogin, the user is logged in, but Tableau Server tells us that there is an error in the connection: Username or Password not recognized.



      2017-08-15 12:22:25.456 +0000 (,,,) catalina-exec-3 : ERROR com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML Authentication Failed, please contact the administrator.

      org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message is invalid


      Caused by: org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed


      We are using a self-signed certificate, so that could be the reason why, but then I do not understand why it would be working server-wide with exactly the same configuration... I have tried it using two different versions of Tableau Server but with the same result.


      So here I come to my point(s):

      - Has anyone of you already configured Tableau Server to work with site-specific SAML, and with which IdP? If it was with OneLogin, how did you configure the connection to make it work and which OneLogin app did you use (Tableau Server, Tableau Server Signed Response,...)?

      - How to match the attributes? Which ones, and how to know the attribute to include in the SAML assertion?

      - Which IdP do you recommend? I have mainly worked with OneLogin, but perhaps you have other tips?


      I would be interested in any tips regarding the SAML configuration.


      Thanks a lot in advance.
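A diagnostic for the two things the post asks about, added here as an example and not part of the original post or of Tableau or OneLogin code: it decodes a captured `SAMLResponse` form value and reports whether the signature sits on the Response (the protocol message) or only on the Assertion, plus the attributes the IdP actually sent. The sample response, URLs, attribute name and certificate bytes are constructed; encrypted assertions are not handled.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response):
    """Summarise a captured SAMLResponse (HTTP-POST binding, base64-encoded)."""
    # Only feed this responses captured from your own IdP; it does no signature validation.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    report = {
        # A ds:Signature directly under samlp:Response signs the protocol message.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None
                            and assertion.find("ds:Signature", NS) is not None,
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "name_id": None, "attributes": {}, "cert_sha256": [],
    }
    if assertion is not None:
        report["name_id"] = assertion.findtext(
            "saml:Subject/saml:NameID", default=None, namespaces=NS)
        for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
            report["attributes"][attr.get("Name")] = [
                v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    # Fingerprint every embedded signing certificate for comparison with IdP metadata.
    for cert in root.iter("{%s}X509Certificate" % NS["ds"]):
        der = base64.b64decode("".join(cert.text.split()))
        report["cert_sha256"].append(hashlib.sha256(der).hexdigest())
    return report

# Constructed sample: signature on the Assertion only, placeholder certificate bytes.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://sp.example.test/acs">
 <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
 <saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Y29uc3RydWN0ZWQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="username">
   <saml:AttributeValue>user@example.test</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
```

The `cert_sha256` values can be compared with the fingerprint of the certificate in the IdP metadata uploaded for the site, and `destination` with the site's own assertion consumer URL.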