4 Replies Latest reply on Oct 10, 2018 2:38 PM by A K

    Trusted authentication fails for one specific user

    A K

      We have some Tableau reports embedded within our Angular web application. The web application connects to the Tableau server using trusted authentication and a dedicated service account. The web app server is listed as a trusted host on the Tableau server. Basically, we make the following calls to Tableau to fetch a report:


      1. https://tableau.companyname.com/trusted?username=SERVICE_ACCOUNT -> returns a ticket

      2. https://tableau.companyname.com/trusted/<ticket>/views/WorkbookName/ViewName.. -> returns the report view


      We have tens of users that are using our web application to access the Tableau reports this way. This is working for all users of the application, except one.


      In the success scenario, call #2 above causes the Tableau server to return an HTTP Status 302 with a 'Location' parameter in the response header. The Location parameter contains the actual URL for the requested view i.e. https://tableau.companyname.com/views/WorkbookName/ViewName.. A call is then made by the Tableau server to this 'Location' URL, which then returns a 200 along with the requested view.


      In the failure scenario, in call #2, the first 302 response is not followed by a 200, but another 302, and the user is faced with the Tableau Server sign-in screen. This of course, is pointless, because we are using trusted authentication and SERVICE_ACCOUNT to generate tickets. As such, the user is not actually provisioned on the Tableau Server, and has no credentials to put into this sign-in screen.


      We looked into the logs on the Tableau server and they seem to show an expired/invalid ticket error message. But the ticket is freshly generated in call #1 and then immediately used for call #2. It is redeemed within 3 minutes (1-2 seconds, really) and is used only once. So there's no reason the ticket should expire.


      We are unable to understand why the Tableau response is different only for this particular user. They are using the web application and accessing the reports in the same way that all the other users are. They're on the same network. Using the same web browser (the latest Chrome), the same OS (Windows 10) and are part of the same organization.


      Everyone is at a complete loss here. Why, in spite of using the same web app server, same Tableau server, same service account, same web browser and same network, is trusted authentication failing for only one person?



      - Tableau Server version is 2018.1.3

      - Views were published using Tableau Desktop 10.3

      - Angular 4 UI

      - Java/Spring API

      - Call #1 is a POST from our API

      - Call #2 passes the URL as in step #3 here: Tableau JavaScript API


      Message was edited by: A K