KNOWLEDGE BASE

All Logins Fail with "Sign in failed" When Configuring Site Specific SAML


Published: 27 Jul 2017
Last Modified Date: 21 Jun 2019

Issue

When trying to enable Site-specific SAML, all logins (both default and site saml) fail with the error "Sign in failed". Configuring server-wide SAML with the same certificate, key, and metadata files succeeds.

Additionally,the Tableau Server vizportal logs show the following error.
 
2017-07-21 09:05:30.329 -0400 (<SITE NAME>,<USERNAME>,<REQUEST ID>,<SESSION ID>) catalina-exec-8 : ERROR com.tableausoftware.sitesaml.client.UserConfigurationClient - POST,https://<Tableau Server URL>/samlservice/private/api/userConfiguration,userId=<ALPHANUMERIC STRING>,264ms,500,{"timestamp":1500642330327,"status":500,"error":"Internal Server Error","requestId":"<REQUEST ID>","displayableMessage":null},
2017-07-21 09:05:30.330 -0400 (<SITE NAME>,<USERNAME>,<REQUEST ID>,<SESSION ID>) catalina-exec-8 : ERROR com.tableausoftware.api.webclient.remoting.RemoteCallHandler - Exception raised by call target: 500 Server Error
org.springframework.web.client.HttpServerErrorException: 500 Server Error


samlservice logs may show a couple different errors. One example:
2017-07-21 13:05:30.327 [<STRING>] ERROR c.t.sitesaml.webapp.HttpErrorLogger - requestId=[<REQUEST ID>], url=[/private/api/userConfiguration], status=[500], cause=[Could not get JDBC Connection; nested exception is java.sql.SQLException: Cannot create PoolableConnectionFactory (FATAL: no pg_hba.conf entry for host "127.0.0.1", user "tblwgadmin", database "workgroup", SSL off); caused by: FATAL: no pg_hba.conf entry for host "127.0.0.1", user "tblwgadmin", database "workgroup", SSL off], displayableMessage=[null]

A different error seen in samlservice logs is "Could not get JDBC Connection".

You will also see traces of this in the PostGreSQL logs, FATAL errors specifying "SSL off".

Environment

  • Tableau Server 2018.1.12, 2018.2.9, 2018.3.6, 2019.1.3, 2019.2.0 and earlier versions
  • Windows
  • Internal (Repository) SSL
  • Site-specific SAML

Resolution

Option 1: 


Upgrade to Tableau Server 2018.1.13, 2018.2.10, 2018.3.7, 2019.1.4 or a newer maintenance release of one of these versions.  Click here for downloads of current and previous versions of Tableau Server: Tableau Server Downloads and Release Notes. For more information on current releases, see Upgrade Tableau Server and Server Upgrade.
This issue is not yet resolved in Tableau Server 2019.2 versions. 

Option 2:

As a workaround, disabling either Repository SSL or Site-specific SAML will avoid the issue.

Cause

This behavior is related to a known issue with ID 877700 which has been corrected in more recent versions. 
Did this article resolve the issue?