KNOWLEDGE BASE

Error "Could not locate unexpired trusted ticket"


Published: 26 Jun 2013
Last Modified Date: 06 Sep 2017

Issue

When you try to access a site that uses trusted authentication, the following error might occur:

An error occurred on the server. The details of the error are:
Could not locate unexpired trusted ticket <ticket number>
Click the Refresh button in your web browser and try again.
If you continue to receive this error please contact your Tableau Server Administrator.

Environment

  • Tableau Server 
  • Trusted authentication

Resolution

Option 1 : Duplicate Calls for the Same Ticket Number:
To determine if proxies are sending multiple requests for the same ticket, check the HTTPD folder of the Tableau Server logs. For more information, see Log File Locations.  

You should only see one request for this ticket, where "/trusted/" is followed by a 9-255 (default is 24) character alphanumeric string. If you see this information more than once, a proxy is requesting the URL with the ticket multiple times, such as in the first and third lines in the following example:
1.23.45.567 - - 2016-08-09 15:52:54.348 Pacific Daylight Time 80 "GET /trusted/bTf1vpt-xdncVZw4B5nmi1Np/views/viewname/dashboardname?:embed=y&:host_url=http://12.34.56.789/&:tabs=no&:toolbar=no&:loadOrderID=0 HTTP/1.1" "1.23.45.678" 321 - "-" 31200 UctMZgq1CGoAABrYHjwAAAAM
 
123.45.67.891 - - 2016-08-09 15:52:56.578 Pacific Daylight Time 80 "GET /trusted/4wphmumvWTkVw5Rl1UrSqxqv/views/viewname/dashboard name?:embed=y&:host_url=http://12.34.56.789/&:tabs=no&:toolbar=no&:loadOrderID=0 HTTP/1.1" "123.45.67.123" 432 1234 "-" 0 UctMmQq1CGoAABrYHkEAAAB0
 
123.45.678.91 - - 2016-08-09 15:52:58.213 Pacific Daylight Time 80 "GET /trusted/bTf1vpt-xdncVZw4B5nmi1Np/views/viewname/dashboardname?:embed=y&:host_url=http://12.34.56.789/&:tabs=no&:toolbar=no&:loadOrderID=0 HTTP/1.1" "123.45.67.123" 432 1234 "-" 15600 UctMxwq1CGoAABrYHkIAAAB0
 
To resolve this issue, use the following steps.

Note: Making the following changes will cause Tableau Server to reject GETs coming from unintended clients, such as proxies and other security scanners, so that only the specified client browser can redeem the ticket.
  1. Enable client IP security to make sure the specified browser has a chance to redeem the trusted ticket before the proxy redeems the ticket. For more information, see Optional: Configure Client IP Matching topic in the Tableau Server Administrator Guide.
  2. Ensure that the IP address of the client browser is included in the original POST request to Tableau Server. For more information about POST requests, see the Get a Ticket from Tableau Server section of the Product Help guide.

Option 2 : No Duplicate Calls for Ticket and URL is Truncated:
If the embedded view is being initialized incorrectly, the URL will not pass through the GET call. After the trusted ticket, there should be a URL that includes the view name but it is missing from the log entry below:
 
123.45.678.91- - 2016-08-09 15:52:58.213 Pacific Daylight Time 443 "GET /trusted/w5DCZZDNtI8K42kzg7OyAM3p/ HTTP/1.1" "-" 403 1774 "-" 15649 V6pCqgoIAEQAADoYq48AAAIy 

To resolve this issue, verify that the URL used to embed the view should not include the # sign. See Display the View with the Ticket for more information. The # sign will not pass the full URL causing an error redeeming the ticket.
  • Incorrectly constructed Trusted Ticket URL: http://myserver/trusted/<ticket>/#/views/<workbook>/<view>
  • Correctly constructed Trusted Ticket URL: http://myserver/trusted/<ticket>/t/<site>/views/<workbook>/<view>
  • Correctly constructed Trusted Ticket URL: http://myserver/trusted/<ticket>/views/<workbook>/<view>
Note: if Tableau Server is running multiple sites and the view is on a site other than the Default site, you need to add t/<site ID> to the path. See What is a site? for more information.

Cause

  • The trusted ticket was not used within three minutes.
  • A proxy sent duplicate requests to Tableau Server and inadvertently redeemed the ticket that was in the URL, invalidating it for subsequent requests.
  • The embed URL is incorrect, truncating the full URL of the view

Additional Information

This error has also been seen when the trusted ticket code used the wrong server to create the GET request.
Did this article resolve the issue?