2 Replies Latest reply on Oct 23, 2017 5:04 AM by lenaic.ridinger

    Tableau Authentication Embedded w/Rest API

    Peter Crimi



      What I’m looking to do is behind one of our Web servers that our users already authenticate to I’m setting up a web page that has a tableau report embedded in the HTML. Problem is that users are finding themselves having to authenticate again when they get to the page with the tableau server in order to view the report/dashboard. I’ve already added this server’s IP address to the trusted list in the Tableau Server’s config file (https://onlinehelp.tableau.com/current/server/en-us/trusted_auth.htm). I would like to do it ether though this method of using IP addresses to authenticate with the server or through sending the credentials over a POST request to the REST API  (https://onlinehelp.tableau.com/current/api/rest_api/en-us/REST/rest_api_concepts_auth.htm#using_site_id). The account that would be used in this coding has no AD permissions and is only able to access Tableau for views so it would not be a security issue since it is only hosted internally and on a trusted server. When using Postman from that trusted server I can send a POST request (below) and I’m successfully returned a Token in the response in XML format.



      Content-Type application/xml



        <credentials name="*****" password="******" >

          <site contentUrl="" />




      When using the returned token through the trusted tableau link I’m able to view the workbook’s view without being prompted (http://tableauserver/trusted/<token>/workbook/view). What I’m unsure of is the proper coding for the HTML webpage as I can’t seem to get the token response parsed out and used in the embedded section (https://onlinehelp.tableau.com/current/server/en-us/trusted_auth_webURL.htm) (ether JavaScript or HTML embedding). What I would like to have happen is an HTML OnLoad event query the server for a token and then load up the embedded view using that token it had just received from the server to display the view without prompting our users to log in again. Ether through sending the credentials in the POST request or using the trusted IP address of the server to authenticate for the token.


      Any ideas or proper coding language/example of this I can try to get this working for us?