KNOWLEDGE BASE

Error "SAML Authentication Failed, please contact the administrator" With "intended destination endpoint ... did not match the recipient" In Logs


Published: 05 Apr 2018
Last Modified Date: 05 Apr 2018

Issue

When accessing Tableau Server with SAML authentication, SAML authentication fails with the message "SAML Authentication Failed, please contact the administrator."

An error similar to the following can be seen in the Vizportal log
Note: .com and .net is the difference causing the error in this example)
2018-04-02 14:29:02.388 -0400 (,,,,) catalina-exec-2 : ERROR org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder - SAML message intended destination endpoint 'http://server.com/wg/saml/SSO/index.html' did not match the recipient endpoint 'http://server.net/wg/saml/SSO/index.html'

Environment

  • Tableau Server 
  • SAML Authentication

Resolution

  1. Confirm that the "Tableau Server return URL" is configured correctly on the SAML tab of the Tableau Server Configuration window.
  2. Work with your IdP (Identity Provider) team to ensure the correct endpoint is configured.

Cause

A discrepancy between the endpoint configuration on Tableau Server and the IdP.
Did this article resolve the issue?