KNOWLEDGE BASE

Unable to See An Embedded View without Tableau Server Login Button Using OpenID


Published: 25 Jan 2021
Last Modified Date: 29 Jan 2021

Issue

Embedded view cannot be displayed when using SSO/OpenID Connect. There is no Sign in button displayed in the view even though 
the option wgserver.openid.iframed_idp.enabled is enabled on Tableau Server.

Environment

  • Tableau Server 2020.2.2

Resolution

The solution is of two-fold:
1. Upgrade to Tableau Server 2020.3.2 or later. Depending on the web browser used, this may resolved the issue.
Otherwise:
2. If Google Chrome is used, configure the SameSite attribute value to Disabled to resolve the issue or set the Samesite attribute as the session_id of the Cookie from IdP.
 

Cause

This issue related to Issue ID 1182133. On slow networks, an embedded viz using in-frame SAML authentication could end up looping before the login was successful.
 

Additional Information

This is related to how the browser/Chrome treats sending the Cookies depending on the Samesite attribute setting. If IdP doesn't send a request to Tableau Server with samesite attribute, Chrome uses samesite=lax by default at that time. If Tableau Server domain is different from IdP domain, the behavior of Chrome is as expected because the main page is in the Tableau Server domain and by default it rejects the cookies from IdP domain.
Please see a following page about samesite setting:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 
Did this article resolve the issue?