KNOWLEDGE BASE

Error when clicking logout using SAML in Tableau Server 9.1


Published: 29 Sep 2015
Last Modified Date: 07 Mar 2017

Issue

Error when clicking logout using SAML:

<SOAP-ENV:Envelope><SOAP-ENV:Body><samlp:LogoutResponse ID="id-vpITbhUH3YMen5Lpq2U4o3ZS91o-" InResponseTo="a87i72d4cig85b651bd5g182e8hdg4" IssueInstant="2015-09-25T17:41:20Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://signin-stage.netapp.com:443/fed/idp</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>


 

Environment

  • Tableau Server 9.1.0

Resolution

Make sure your identity provider (IdP) is configured with a SAML Logout endpoint that does a POST to http(s)://<tableauserver>/wg/saml/SingleLogout/index.html

If the above is completed, the XML metadata will show a SingleLogout binding with an HTTP-POST value. If the Logout button continues to produce the error, you will need to work with the IdP to determine why it is denying the logout request

Cause

The IdP is denying the SAML Logout request.

Additional Information

Starting with version 9.1, Tableau Server supports SAML logout. SAML logout is enabled by default and you can disable or enable it using the tabadmin set wgserver.saml.logout.enabled false/true command.

If your pre-9.1 Tableau Server is configured for SAML authentication, the logout functionality will not work until you reconfigure the metadata for SAML. You must re-export the SAML metadata file and re-import it into your IDP.
Did this article resolve the issue?