KNOWLEDGE BASE

Error "HTTP Status 500 ... User specified binding is not supported by the Identity Provider using profile..." Configuring SAML


Published: 21 Jun 2016
Last Modified Date: 08 Sep 2016

Issue

When configuring Tableau Server for SAML the following error might occur:

HTTP Status 500 - org.opensaml.saml2.metadata.provider.MetadataProviderException: User specified binding is not supported by the Identity Provider using profile urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser

Environment

  • Tableau Server 9.2.3
  • Windows 2008 R2

Resolution

Place the same SAML certificate, SAML key, and SAML IdP metadata files that you used for the primary on each Tableau Worker that is running an application server process. Use the same folder location on the workers that you used on the primary. You do not need to do any additional configuration on the workers.

For example, consider a cluster that includes a primary Tableau Server and two workers. Application server processes are running on the primary and on Worker 2 and Worker 3. In this situation, you configure the primary Tableau Server for SAML, and then copy the same SAML certificate, SAML key, and SAML IdP metadata files to the Worker 2 and Worker 3 computers. On the worker comptuers, put the SAML files in the the C:\Program Files\Tableau\Tableau Server\SAML folder, just as they are on the primary computer.

 

Cause

The workers do not contain the same SAML cert, key and IdP metadata file as the primary.
Did this article resolve the issue?