4 Replies Latest reply on Oct 15, 2019 8:41 AM by Bill Hamill

    Tableau server behind AWS ELB with trusted authentication

    Bill Hamill

      We've setup our Tableau server on AWS behind a load balancer and it seems to work fine up to a point. Tableau links generally work, but trusted authentication does not (trusted authentication was working without the load balancer).


      I've followed the steps in Add a Load Balancer. But I'm confused how to configure gateway.trusted. I don't have an IP address for the AWS load balancer. I don't understand what is meant by "or computer name" and wonder how else I can identify my load balancer. I've tried both the domain name and the canonical name from the CNAME record for the load balancer. Nothing has worked.


      As a test, I found an error message "ERROR ... TrustedTicketServiceImpl - Invalid request host: ..." in the vizqlserver logs and guessed the message identified the load balancer's current IP address. I used that IP address in gateway.trusted and then trusted authentication started working through the load balancer.


      So, how do I properly identify my load balancer in gateway.trusted without an IP address?


      I've read through Self-Deploy Tableau Server on AWS in a Distributed Environment where it suggests running the Tableau server on a subnet limited to 30 IP addresses and listing all the possible IP addresses in gateway.trusted, but this seems impractical. Our AWS architecture is already in place with several web servers, database servers and application servers already on a defined subnet.