KNOWLEDGE BASE

Error: "The page could not be Accessed configuring Site Specific SAML with AD FS" When using Site Specific SAML


Published: 13 Apr 2017
Last Modified Date: 14 Apr 2017

Issue

When authenticating to Site Specific SAML, the following error might occur:
The page could not be Accessed configuring Site Specific SAML with AD FS

Environment

Tableau Server

Resolution

In the AD FS Relying Party Trust, configure the following:
  • In the Encryption Tab, remove the encryption certificate.
  • In the Advanced Tab, set the HASH ALGORITHM to SHA1.
  • In the Identifiers Tab, add a second identifier. Same as previous one, but deleting everything after and including the question mark (do not remove the existing one) .
For example:
Existing identifier:
https://serverName.com/samlservice/public/sp/metadata?alias=8asdfddsfdggf8dsfdg-eewg

Add following identifier:
https://serverName.com/samlservice/public/sp/metadata
  • In the claim , alternate the following as custom rules. One of them should be the right one depending on your Active Directory configuration :
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "username"), query = ";sAMAccountName,sAMAccountName;{0}", param = c.Value);
 
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "username"), query = ";userPrincipalName,userPrincipalName;{0}", param = c.Value);
Did this article resolve the issue?