i have the same issue as well, have you try to contact the tableau support team yet?
Same issue with me.
I have contacted Tableau support and they are working the case. I will update this post when I have any news.
yes, please do let us know the response/solution you get!! hope to hear soon!! Pat
You have to again run tabadmin set command to add the trusted
authentication with the list of IPs
On Tue, 8 May 2018, 20:58 Patrick Myles, <email@example.com>
I have tried to reset the trusted list of IPs via the tabadmin set command with no success. I am still experiencing this issue. I am putting in a ticket with Tableau Support and will reply back with useful information.
3 of 4 people found this helpful
I get support team's response.
- I collected a snapshot.
- Fixed the problem as below setps in server command window.
C:\Program Files\Tableau\Tableau Server\2018.1\bin>
1. Tabadmin stop
2. Tabadmin set wgserver.unrestricted_ticket true
3. Tabadmin config
4. Tabadmin start
this worked for me
What are the full repercussions of changing this config item?
Currently, I have a core server license and use trusted ticketing to display views on our public website and I control the permissions with a single service user. From what I can find about changing this is it will give full access to the UI? How does this work exactly? Could someone get the ticket and see all content that the user has access to? When does the ticket expire?
Thanks for any insight!
2 of 2 people found this helpful
Tableau does not recommend using unrestricted trusted tickets. Unfortunately the best option is to roll back to 10.5 until Tableau can release a fix for 2018.1. Instructions on rolling back: Rolling Back to an Earlier Installation of Tableau Server | Tableau Software
The reason we do not recommend unrestricted trusted tickets:
1. Trusted tickets only allow access to views and not to the Tableau Server UI. This means that redemption of a ticket doesn't allow any TS UI/vizportal functionailty, just using views.
2. Unrestricted trusted tickets give full access to the server as the user the ticket was requested as.
3. If someone was to gain access to the machine requesting trusted tickets they could request a trusted ticket as the administrator, redeem it, and have full access as an administrator to the server. This is one of the reasons trusted tickets only allow specific IPs and not ranges of IPs for adding to trusted hosts to request tickets.
4. This full session is good for the length of time that wgserver.session.idle_limit / wgserver.session.lifetime_limit are to (default no more than 240 minutes of inactive use).
If you believe that you have secured your environment enough that #3 is not a concern, unrestricted tickets is a workaround. However, you are choosing to open the door to your server much wider than it otherwise would be.
On Linux this would be:
tsm configuration set -k wgserver.unrestricted_ticket -v true
tsm pending-changes apply
The second command takes care of restarting, so no need to stop and start in this case.
This also fixed the issue for me.
Any update on this issue? Are we going to be able to use trusted tickets safely (without the unrestricted part) soon?
The fix is currently targeted at our next maintenance release for 2018.1 and we do those maintenance releases about once a month. We're still finishing the maintenance release but if we don't run into any problems i'd expect you'll see the release before the end of the month.
2 of 2 people found this helpful
Closing the loop here:
This was fixed in 2018.1.2:
In Tableau Server 2018.1 after initial load, any interactions with an embedded view accessed using trusted authentication would result in a repeated error: An error occurred communicating with the server (500)