KNOWLEDGE BASE

Errors "Can't decrypt Assertion" Or "Response doesn't have any valid assertion" Configuring Tableau Online with SSO


Published: 21 Nov 2015
Last Modified Date: 10 Feb 2018

Issue

When signing into Tableau Online configured for SSO, an error occurs stating the sign-in was unsuccessful.

Additionally, one of the following errors can be found in the Tableau Online SAML logs:
 
 [/public/sp/SSO], status=[500], cause=[Can't decrypt Assertion, no decrypter is set in the context], displayableMessage=[null] 

Or
 
Error validating SAML message; caused by: Response doesn't have any valid assertion which would pass subject validation

Environment

  • Tableau Online​
  • SAML

Resolution

Turn off assertion encryption on the Identify Provider side. 

For example, with ADFS:

On the AD FS server, use Windows PowerShell to run the following command (to change the display name to <MySiteName>):

Set-ADFSRelyingPartyTrust -TargetName <MySiteName> -EncryptClaims 0

Note: If you receive the error Set-ADFSRelyingPartyTrust Cmdlet cannot be found, you must add the AD FS PowerShell snap-in. At the command prompt type: Add-PSSnapin Microsoft.Adfs.PowerShell, and then repeat this step.

Cause

Assertions are being encrypted by the Identity Provider prior to being sent to Tableau Online inside an already encrypted SSL channel.
Did this article resolve the issue?