5 Replies Latest reply on Apr 30, 2018 6:22 AM by Marcel Moog

    WDC SSO to Web API

    Marcel Moog

      Hi there,

       

      I implemented a WDC which combines some queries from JSON Web APIs that are hosted in our intranet. As this was my first WDC, I made the mistake to stick to the Simulator for most of the development time and there it all worked well. But I met a problem when I later tried to use the WDC directly in the Tableau Desktop:

       

      Network Error: 204 (Host requires authentication)

       

      The message in the brackets is actually correct. The Web APIs require authentication scheme Kerberos or NTLM ("negotiate"). That's why I call the APIs something like this:

       

      $.ajax({

         url: someUrl,

         dataType: "json",

         crossDomain: true,

         xhrFields: {

           withCredentials: true

        }, ...

       

      This works alright in the Simulator in Chrome (even IE) but it throws the 204 error in the WDC browser in Tableau Desktop (10.4.3). I really couldn't find any similar issues in the Community or the www in general, that's why I'm asking here: Am I missing some configuration setting here or is the thing I'm trying not supported?

       

      Kind Regards,

      Marcel

        • 1. Re: WDC SSO to Web API
          Carisa Chang

          Hi Marcel,

           

          How have you implemented the WDC Auth phase? http://tableau.github.io/webdataconnector/docs/wdc_authentication

          WDC Authentication

           

          It sounds like you'd be using Auth type "custom"?

          • 2. Re: WDC SSO to Web API
            Marcel Moog

            Hi Carisa,

             

            actually in the init delegate I do set authType to "custom" but the example in the documentation is about OAuth which I don't use. So, if any custom authentication logic is required for the auth phase, I don't have a clue what that would look like for Kerberos or NTLM. Especially because my code does work in the simulator within Chrome browser and it only throws 204 error in Tableau Desktop... It's not like I actively request some token somewhere or send username/password. Kerberos/NTLM should work out of the box in most browsers.

             

            See Tableau documentation: Browser Support for Kerberos SSO

            I'd really appreciate an extra chapter about Kerberos/SSO in Tableau Desktop's embedded WDC browser here. If I got it right, this one is neither Chrome nor Safari but something special (QT Webkit)?! Or an example implementation of the WDC auth phase with Kerberos/NTLM. If none of that is supported, this would also be valueable information that should be in the documentation

             

            Kind Regards,

            Marcel

            • 3. Re: WDC SSO to Web API
              Desiree Abbott

              I am having similar difficulties, though I'm stuck at an earlier stage.  I'm trying to build a WDC for Rally / Agile Central, but my company's implementation uses SSO for authentication and I am finding no examples of WDCs built this way that I can work from.  I'm stabbing around blindly in the dark, and that's going about as well as you might imagine.

               

              So, I would echo Marcel Moog's request for more documentation about building a WDC with SSO authentication.

               

              (Yes I know that a Rally WDC already exists and I tried it but it doesn't pull all of the data that I need. Since the source code is not documented anywhere, I need to reinvent the wheel if I want to get all of my company's data.  If someone has a better solution, I'm all ears.)

              • 4. Re: WDC SSO to Web API
                Laura Borgonovo

                Tableau Desktop is only able to call authentication that is within the WDC itself (as documented at https://tableau.github.io/webdataconnector/docs/wdc_authentication). Any authentication prior to the WDC cannot be called through Tableau Desktop.

                The reason of the difference observed when using the WDC Simulator (calls authentication pop-up) and Tableau Desktop (does not call authentication pop-up, and fails to connect) is that the simulator runs through a browser and has all the capabilities of the browser, including different approaches to authentication. Tableau Desktop itself has limited browser capabilities. The simulator is intended to be a tool to help with debugging WDC code, as opposed to a full replication of the WDC function.

                 

                In order to be able to connect Tableau Desktop to a target using SSO via WDC, the best course of action would be to move the authentication into the WDC itself and ensure that no other authentication requests occur before Tableau Desktop connects to the WDC.

                If the above is not an option, please see k504866430 comment in https://github.com/tableau/webdataconnector/issues/160 . Basically Tableau can be programmed to capture the username, password and then construct the 'Authorization' header in javascript ajax request. for example:

                 

                fetch(url, {

                method: 'GET',

                headers: {'Authorization' : btoa($('#username').value + ":" + $('#password').value)} });

                 

                Should work.

                • 5. Re: WDC SSO to Web API
                  Marcel Moog

                  Hi Laura,

                   

                  just to sum it all up, SSO is not possible with the latest version of Tableau Desktop. I always have to implement some sort of username/password authentication. Correct?

                   

                  The link to the GitHub issue (160) makes clear that the browser in Tableau Desktop is really old compared to how fast web technologies are developing these days. QT WebEngine is around for five years and it is based on Chromium. I guess that once you change to WebEngine, my problems will go away. Also the missing support for ES6 and later is quite a drawback.

                   

                  Any idea when those plans "lbrendanl" is talking about on GitHub might get realized?

                   

                  We'll be putting our WDC development on hold for now. Seems like building time consuming workarounds just to somehow fit our APIs to Tableau does not feel right. Maybe we'll evaluate that option in some later Tableau version with an upgraded browser add-in...

                   

                  Kind Regards,

                  Marcel