1 Reply Latest reply on Oct 2, 2017 4:17 PM by Carisa Chang

    Invalid domain Tableau-Saml-AD integration

    Rahul Kumar

      I am integrating Tableau with AD using SAML.

       

      I have configured everything. But while logging in to Tableau via the browser, it gives me the following error:

       

      ------------------------------

      2017-09-28 09:16:23.021 +0000 catalina-exec-1   ERROR requestId=: wgsessionId= com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML Authentication Failed, please contact the administrator.

      com.tableausoftware.domain.exceptions.LoginFailedException: Failed to find the system user {UserIdentity[idProvider=, domain=local, userName=ad]} (errorCode=5)
          at com.tableausoftware.domain.user.service.AuthenticationService.authenticate(AuthenticationService.java:468)
          at com.tableausoftware.domain.user.service.AuthenticationService.ssoAuthenticate_aroundBody6(AuthenticationService.java:237)
          at com.tableausoftware.domain.user.service.AuthenticationService$AjcClosure7.run(AuthenticationService.java:1)

      -----------------------------

       

      The domain the Tableau Server is configured on is TAB and the domain AD is configured on is adir.local.com. Below are my claim rules on AD:

      claimrules.png

       

      I looked the error up online and the resolution given by Tableau is "Add information to your SAML assertion so that the 'username' attribute is passed in the "domain\username" or "username@domain.com" format.  "Domain\username" is the recommended format."

       

      Can someone please tell me how to do that?

        • 1. Re: Invalid domain Tableau-Saml-AD integration
          Carisa Chang

          According to the error message, ADFS is sending over the username "local\ad" and this user doesn't exist on your Tableau Server.

          Is there a reason you are using a domain of "local"? Tableau Server uses local as the domain for its local authentication identity store.

          If your users are on one domain, and Tableau Server is on another domain, you'll also want to make sure the domains meet the trust requirements:

          Domain Trust Requirements

           

          I'd recommend a few things:

          For simplicity's sake, don't use "local" as your AD nickname.

          Check the domain trust to make sure it is set correctly.

          Check to make sure the user in your error message actually exists on Tableau Server.

           

          Contact Tableau Support for help.
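
A check for the 'username' attribute discussed in this thread, as an added example that is not part of the original posts and is not Tableau or ADFS code. It reads the attribute from a SAML assertion and reports whether the value is in `domain\username` or `username@domain.com` form and whether its domain is one you expect. The assertion XML and the user `jdoe` are constructed, the attribute name `username` comes from the resolution text quoted in the question, and the script does not verify signatures.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed to the attribute statement).
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:AttributeStatement>"
    '<saml:Attribute Name="username">'
    "<saml:AttributeValue>{value}</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
)

DOWNLEVEL = re.compile(r"^(?P<domain>[^\\@]+)\\(?P<user>[^\\@]+)$")  # domain\username
UPN = re.compile(r"^(?P<user>[^\\@]+)@(?P<domain>[^\\@]+)$")          # username@domain.com


def username_from_assertion(xml_text, attr_name="username"):
    """Return the first value of the named SAML attribute, or None if absent."""
    root = ET.fromstring(xml_text)
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            value = attr.find("saml:AttributeValue", NS)
            return (value.text or "").strip() if value is not None else None
    return None


def check_username(value, expected_domains):
    """Return a list of findings; an empty list means no format problem was found."""
    if value is None:
        return ["assertion carries no 'username' attribute"]
    match = DOWNLEVEL.match(value) or UPN.match(value)
    if match is None:
        return [f"{value!r} is neither domain\\username nor username@domain.com"]
    domain = match.group("domain").lower()
    findings = []
    if domain == "local":
        findings.append("domain 'local' is Tableau Server's local identity store")
    if domain not in expected_domains:
        findings.append(f"domain {domain!r} is not one of {sorted(expected_domains)}")
    return findings


if __name__ == "__main__":
    domains = {"tab", "adir.local.com"}  # the two domains named in the question
    for sent in (r"local\ad", r"TAB\jdoe", "jdoe@adir.local.com", "ad"):  # jdoe is constructed
        got = username_from_assertion(SAMPLE.format(value=sent))
        print(f"{got!r}: {check_username(got, domains) or 'ok'}")
```

An empty result only means the value has the expected shape; the user still has to exist on Tableau Server and the domains still have to meet the trust requirements mentioned in the reply.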