I'm trying to get a tableau server trusted authentication token for authorization.
I'm requesting the post method to the tableau server.
https://example.server.name/trusted/username=admin?&target_site=Sales
Is it a corrected way to get the trusted token from the tableau server?
or I missing something.
You have to whitelist your trusted server using the tsm authentication command
And the ? is misplaced in the URL. Should be
https://example.server.name/trusted?username=admin&target_site=Sales
Related
I am new to tableau and I want to integrate tableau server in our application through Iframe, I am passing HTTP URL with authentication details like username and password but whenever I am accessing tableau it is asking for username and password.So please suggest me that how i can access tableau without redirecting to login page.
According to the Tableau community you can't do this through the URL:
There is no built-in mechanism to pass a username/password on the URL
as doing so gives "bad people" a super-duper-easy way to hack into
Tableau Server itself. As a hacker, all I'd have to do is "sit on the
wire", watch requests go to Tableau, and I could harvest everyone's
usernames and passwords. Scary stuff!
But there is a solution for built in credentials if you have a security mechanism on your end:
You might want to read up on Tableau Server's ability to do Trusted
Tickets authentication. You could essentially tell Tableau Server to
"Trust" whatever other security mechanism is authenticating your users
(I assume you have one). If you don't have another mechaism to
authenticate users before they get to Tableau Server, there's not too
much you can do.
More on Trusted Authentication from Tableau website:
Trusted authentication simply means that you have set up a trusted
relationship between Tableau Server and one or more web servers. When
Tableau Server receives requests from these trusted web servers it
assumes that your web server has handled whatever authentication is
necessary
Setting this up requires you to add the trusted IP addresses to your Tableau server. This is done by stopping tabadmin and then running the following command, followed by saving this config and restarting:
tabadmin set wgserver.trusted_hosts "<trusted IP addresses or host names>"
Once this is done you have to configure your web server so it can request tickets from Tableau server using a POST request to http://<server name>/trusted. These tickets must then be included into the script.
Hope this helps.
I currently have a windows server set up and I am looking to make rest API calls using Angular 2 to the Tableau Server.
The problem becomes that the Tableau Server that our company uses is over SSL, and my connection is not.
Before I start looking into an SSL certificate I would like to make sure that what I am trying to do is possible.
If I were to add the SSL certificate to the server would this remove my error upon making the request?
I Get an error when making my HTTP post request to an HTTPS server, ERR_INSECURE_RESPONCE.
If I purchase (or get a free trial) a SSL certificate, what kind would I need to do this.
I saw the word "endpoint" many times in OAuth documents.. However, I still don't know what does this word really mean.. Does anyone have ideas about this?
The OAuth 2.0 Authorization Framework
The authorization process utilizes two authorization server endpoints
(HTTP resources):
Authorization endpoint - used by the client to obtain
authorization from the resource owner via user-agent redirection.
Token endpoint - used by the client to exchange an
authorization
grant for an access token, typically with client authentication.
Its basically the HTTP web address of the authentication server. It could probably be server addresses depending upon how its worked. The first is for requesting access of the user the second could be for granting access to the application. this probably depends upon how the Authentication server is set up.
OAuth endpoints are the URLs you use to make OAuth authentication requests to Server. You need to use the correct OAuth endpoint when issuing authentication requests in your application. The primary OAuth endpoints depend upon the system you are trying to access.
Example Google has two end points:
Request access of user:
https://accounts.google.com/o/oauth2
Exchange tokens
https://accounts.google.com/o/oauth2/token
I just read the article here: http://www.asp.net/aspnet/overview/developing-apps-with-windows-azure/building-real-world-cloud-apps-with-windows-azure/single-sign-on
I have just finished building an app that can authenticate users via WAAD, or via a local installation of ADFS on their corporate network (configuration point allows them to select one or the other).
The app will be hosted in Azure. Can someone tell me if it is possible for users who are on their corporate network to login to this Azure app WITHOUT entering their credentials?
Here is the flow:
user navigates to the cloud app
FAM detects they aren't authenticated, and redirects the browser to their ADFS server on the corporate network
ADFS server replies with 401 challenge (I assume this is what's happening)
user sees a user name/password box, and enters in credentials
user is redirected back to the cloud app with a token containing their claims
I don't understand why #4 is required if the user is already on their corporate network. Shouldn't ADFS use Windows Authentication here so they don't have to enter their password? Is there a way to configure ADFS to do this?
Thank you!
This can be accomplished by adding the Url of the ADFS endpoint to the local intranet or trusted sites of Internet Explorer. By default Internet Explorer will pass in the Windows credentials to sites in those two groups. If that doesn't work, you would have to double check that setting hasn't been modified.
In order to secure my Rest Services, I have enabled SSL in IIS and Created a Self-Signed Certificate and assigned it to the HTTPS binding in IIS. I exported the same as pfx file and added the same in IE also but when I try to access the Services, I get the following error on Windows 7, Enterprise edition
HTTP Error 403.7 - Forbidden
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.
And on Windows Server 2003, this is
HTTP Error 403.7 - Forbidden: SSL client certificate is required.
Internet Information Services (IIS)
I am not sure what shall I do except adding the certificate in IE under “Personal” and “Trusted Root Certification Authorities”? Could you please suggest me some step, in order to make this work.
Note: I have tried with “Self-Signed Certificates” as well as with Certificates generated from Microsoft “Certificate Services” also.
Any help is greatly appreciated.
SSL is used to verify the identity of the server, not the identity of the client. The error suggests (http://support.microsoft.com/kb/199215, "This is used for authenticating you as a valid user of the resource. ") the server wants to identify the client. Which of the two are you trying to do?
Edit: SSL requires the public part of the SSL certificate to be available to the client. Adding it to the trusted root certificates seems to me to be the only way to make the public part of a self-signed certificate available to the browser.