3 Replies Latest reply on Dec 12, 2019 9:01 AM by Santiago Sanchez

    OneLogin SAML SLO not working - Embedded User Filter dashes not updating on change of user

    Albert van Niekerk

      ***EDIT:

      ---------------------------------------------------------------------------------------------------------------------------------------------------------------

      The Application as well as Tableau is configured to use SAML for authentication.

      When the user logs out one of 2 things aren't happening:
      1. The Idp isn't sending a POST to Tableau to notify it that the session is no longer valid

      2. Tableau server isn't "listening" for the POST message.

      I am making use of OneLogin as the Idp, things I have tested:

      - Log out from OneLogin invalidates App and OneLogin session, on requesting a route the login page is displayed, Tableau is oblivious of the session change. - Log out from the App invalidates App and OneLogin session, on requesting a route the login page is displayed, again Tableau is oblivious of the session change. 

      - Log out from Tableau invalidates App, OneLogin and Tableau session.

       

      Has anyone had the same issue with SAML where signing out of the Idp doesn't POST to Tableau?

      Things I have looked at:

      SAML Authentication: SingleLogoutService (does support / does not support) ?!?

      I do not see a Sign Out option with SAML enabled on Tableau Server 9.3

      Re: SAML Authentication Lifespan

       

      ---------------------------------------------------------------------------------------------------------------------------------------------------------------

       

      I have been using embedded user dashes for quite some time now.
      We recently implemented User filters in order to display only data relevant to the user that logs in, eg Admin can see all data, Sales can only see sales etc...

       

      Problem:

      The problem is that on the first login the dashes get filtered correctly, but after the user logs out and another logs in the dashes of the previous user is still displayed.

      I have tried forcing the cache to be cleared, but this had no effect, even doing a force refresh of the current session doesn't load the correct dashes.

       

      An admin logs in to the system and gets the dashes with everything, they then logs out and a sales person now logs in on the same browser, the the sales person is met with the dashes containing all the data. This has been tested with private/incognito browser mode as well.

       

      Expected behaviour:

      Admin logs in to system and sees unfiltered dashes with all the data. Sales person now logs in to the system on the same browser and only sees their data.

       

      Environment:

      OS: Windows & Mac - Chrome
      Server: Tableau Server on Linux
      Code: Embedded viz in HTML page + JS API