2 Replies Latest reply on Oct 2, 2018 6:23 AM by Christopher Calenda

    Site-Specific SAML integration Problem with OKTA

    Sunny Yue

      Configure the site-specific SAML integration and setup a test user account successfully.

      When I sign in through OKTA, I see the screen saying I do not have the right permission. Then I go ahead and turn on debug logging and see the following:

       

      2018-07-30 17:07:10.964 -0400 (-,-,-,W199-q3@BC2m5kv6rGBldQAAA7I,0:-1c1e7aba:164ece93501:-7bd1) catalina-exec-13 : INFO  com.tableausoftware.api.webclient.impl.WebClientAppService - Found the site with name: Prod for site saml user: username@domain.com

      ...

      2018-07-30 17:07:10.997 -0400 (,,,,) catalina-exec-4 : INFO  org.springframework.security.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;::1

      ...

      2018-07-30 17:07:11.985 -0400 (-,-,,W199-63@BC2m5kv6rGBlfgAAA7I,0:-1c1e7aba:164ece93501:-7bcd) catalina-exec-19 : DEBUG com.tableausoftware.domain.session.SessionService - Failed to tokenize:

      2018-07-30 17:07:11.985 -0400 (-,-,,W199-63@BC2m5kv6rGBlfgAAA7I,0:-1c1e7aba:164ece93501:-7bcd) catalina-exec-19 : DEBUG com.tableausoftware.model.workgroup.Session - No Session was passed in

      2018-07-30 17:07:11.985 -0400 (-,-,,W199-63@BC2m5kv6rGBlfgAAA7I,0:-1c1e7aba:164ece93501:-7bcd) catalina-exec-19 : INFO  com.tableausoftware.domain.session.SessionService - Session is expired or null

      2018-07-30 17:07:11.985 -0400 (-,-,,W199-63@BC2m5kv6rGBlfgAAA7I,0:-1c1e7aba:164ece93501:-7bcd) catalina-exec-19 : DEBUG com.tableausoftware.core.user.SessionCookieResolver - Session Id  was expired or invalid.

       

       

      I saw the message "failed to tokenize". I am wondering if this is the issue? Looking at the network log on Chrome, I see the login redirect to an unauthorized session page of some sort. Can anyone help solving the issue? Thanks

       

        • 1. Re: Site-Specific SAML integration Problem with OKTA
          Tobias Ruby

          I have the same issue. My logfile is here:

           

           

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getServerSettingsUnauthenticated

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getServerSettingsUnauthenticated' received

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getSessionInfo

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en into en

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getSessionInfo' received

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.util.CSRFUtils - Cookie validation for XSRF successful.

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.user.SessionCookieResolver - Session Id  was found in the request. Proceeding to validate.

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.domain.session.SessionService - Failed to tokenize:

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en_US into en_US

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: INFO  com.tableausoftware.api.webclient.remoting.LocalizationInfoParameterProvider - Language: 'en', locale: 'en_US'

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: INFO  com.tableausoftware.api.webclient.remoting.SimpleRemoteCallProxy - WebClient API: Calling getServerSettingsUnauthenticated

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.model.workgroup.Session - No Session was passed in

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.domain.session.SessionService - Session is expired or null

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.user.SessionCookieResolver - Session Id  was expired or invalid.

          2018-08-06 17:27:05.845 +1000 (-,-,,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.core.util.CSRFUtils - No authenticated user was found from request (non oauth).

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.user.SessionCookieResolver - No session Id was found in the request.

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.api.webclient.remoting.AuthenticatedUserCallInterceptor - WebClient: called API method has parameter of IAuthenticatedUser type, but when called there was no logged in user. Responding with 'InvalidSessionException'.

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: DEBUG com.tableausoftware.core.util.RemoteIP - Found header https in X-FORWARDED-PROTO

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.api.webclient.WebClientApiController - com.tableausoftware.domain.exceptions.InvalidSessionException: Session not found. (errorCode=46)

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en_US into en_US

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: DEBUG com.tableausoftware.core.localization.LocaleHolder - Parsed en into en

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8ARAAAATk,0:4302ed:1650e1aa0a8:-7f95) catalina-exec-1 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/getSessionInfo with status 401

          2018-08-06 17:27:05.845 +1000 (-,-,-,W2f4STAo4fZA-kPiul8AQwAAAYE,0:4302ed:1650e1aa0a8:-7f97) catalina-exec-4 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request completed: /v1/getServerSettingsUnauthenticated with status 200

          2018-08-06 17:27:06.110 +1000 (-,-,-,W2f4SjAo4fZA-kPiul8ASgAAAYE,0:4302ed:1650e1aa0a8:-7f93) catalina-exec-7 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/recordNavigationTiming

          • 2. Re: Site-Specific SAML integration Problem with OKTA
            Christopher Calenda

            Was there ever any resolution on this? I have the exact issue as well. Outstanding support ticket with no response after nearly a week.