6 Replies Latest reply on Dec 17, 2018 11:07 PM by Kavin Abelak

    Trusted authentication using private IP

    Kavin Abelak

      A bit of background:

      I have Tableau Server for Linux (2018.3) setup on a RHEL instance on AWS. TS sits in a private subnet with no access to the internet (We access it using VPN). I have a webserver sitting in a private subnet, with connection to the internet via a load balancer and NAT.

       

      The old solution:

      Previously, when TS was sitting in a public subnet with access to the internet, I was using trusted authentication as described in the php code below and everything was great. Clients would log into our application, and the embedded Tableau Dashboards would appear based on their username.

       

      The requirement:

      Due to the sensitive nature of our data, I would like to have the webserver and TS communicate via private IP (so as not to ferry traffic through the internet). As such, I moved TS into a private subnet with no direct access to the internet.

       

      The problem:

      When I change https://mytableauserverul/trusted to 10.0.0.1/trusted (the private IP where TS sits), a timeout happens. I suspect the client cannot resolve 10.0.0.1 and thus hangs.

       

      The question(s):

      How do I make the webserver communicate with TS via private IP while using trusted authentication? And if this is not the way to go about my requirement, any ideas would be appreciated.

       

       

       

       

      Old php embed code:

      if($sTableauUser)

      {

              // Tableau configs

              $sTableauUrl  = "https://mytableauserverurl/trusted/";

              $sParams      = ":embed=yes&:toolbar=no&:tabs=no&:showAppBanner=false&:refresh=yes&:embed_code_version=3";

              $sViews       = "/views/".TABLEAU_VIEW."/TaskOverview?";

              $sLoginParams = "username=".$sTableauUser;

       

              $sCurlRequest = curl_init();

       

              curl_setopt($sCurlRequest, CURLOPT_URL, $sTableauUrl);

              curl_setopt($sCurlRequest, CURLOPT_POST, 1);

              curl_setopt($sCurlRequest, CURLOPT_POSTFIELDS, $sLoginParams);

              curl_setopt($sCurlRequest, CURLOPT_RETURNTRANSFER, true);

              curl_setopt($sCurlRequest, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded"));

       

              $sTicket = curl_exec($sCurlRequest);

       

              curl_close($sCurlRequest);

       

              if($sTicket == -1)

              {

                      // Handle error

                      echo "<h3 class='headerFont'>".$_LANG["no_generate_tableau"]."</h3>";

              }

              else

              {

                      echo "<iframe src=", $sTableauUrl, $sTicket, $sViews, $sParams, "' width='1366' height='600'></iframe>";        }

      }