KNOWLEDGE BASE

Embedded Dashboard Displays a Login Prompt Button with SAML (SSO) Authentication


Published: 03 Aug 2015
Last Modified Date: 21 Aug 2018

Issue

When navigating to an embedded Tableau view, a "Sign in to <Server Name>" button displays when automatic authentication over the IdP is expected. 

Environment

  • Tableau Server
  • Tableau Online

Resolution

Option 1: 

Use Trusted Authentication to embed views without requiring a login. 

Option 2: 

Allow in-frame authentication. 
Note: Enabling this ability requires disabling Clickjack protection, introducing an increased exposure to clickjacking attacks. 

For Tableau Server configured to use Server-Wide SAML:

  1. Open a command prompt as an Administrator on the computer where Tableau Server is installed.
  2. Navigate to the Tableau Server bin directory.
  3. Execute the following commands:
  • tabadmin set wgserver.saml.iframed_idp.enabled true
  • tabadmin restart
For more information, see the Complete the SAML configuration steps section of Configure Server-Wide SAML. 


For Tableau Online, or for Tableau Server configured to use Site-Specific SAML:

Ensure the below two options are properly configured under Settings > Authentication: 
  1. Set the Default authentication type for embedded views to SAML
  2. Under Embedding options, select Authenticate using an inline frame (less secure; not supported by all IdPs). 
For more information, see Configure SAML for a site

Cause

By default, Tableau Server and Tableau Online embedded views open a separate window for SAML IdP authentication to minimize the risk of Clickjacking.
 

Additional Information

For more information about clickjacking, see Clickjacking at OWASP (Open Web Application Security Project)
Did this article resolve the issue?