KNOWLEDGE BASE

Error: Incoming SAML message has no valid value for username attribute During Authentication


Published: 22 Dec 2015
Last Modified Date: 18 May 2016

Issue

When authenticating to Tableau Server configured for SAML, the following error might occur:

Incoming SAML message has no valid value for username attribute


 

Environment

Tableau Server

Resolution

Ensure that the IdP is sending a valid attribute that matches the username in Tableau Server. If the attribute matching the Tableau Server username is named something other than username, it will be necessary to configure Tableau Server for the correct attribute. For example, in the following SAML response, the attribute for oid:user and not username:

</saml2:Attribute><saml2:Attribute FriendlyName="glid" Name="oid:user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> 
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testuser</saml2:AttributeValue></saml2:Attribute>

To update Tableau Server to use a new value to authenticate users:
  1. On the computer running Tableau Server, open the command prompt as an administrator.
  2. Navigate to the Tableau Server bin directory.
  3. Run the following commands in order: 
    tabadmin stop 
    tabadmin set wgserver.saml.idpattribute.username "<new attribute>" 
    tabadmin config 
    tabadmin start

Cause

There is no valid username attribute.

Potential causes:
  • No username attribute is sent from the identity provider (IdP).
  • A username attribute is sent that is not recognized by Tableau Server as a username.
Did this article resolve the issue?