Error "SAML Authentication Failed, please contact the administrator" With "intended destination endpoint ... did not match the recipient" In Logs

Published: 05 Apr 2018
Last Modified Date: 04 Nov 2019


When accessing Tableau Server with SAML authentication, SAML authentication fails with the message "SAML Authentication Failed, please contact the administrator."

An error similar to the following can be seen in the Vizportal log
Note: .com and .net is the difference causing the error in this example)
2018-04-02 14:29:02.388 -0400 (,,,,) catalina-exec-2 : ERROR org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder - SAML message intended destination endpoint '' did not match the recipient endpoint ''


  • Tableau Server 
  • SAML Authentication


  1. Confirm that the "Tableau Server return URL" is configured correctly on the SAML tab of the Tableau Server Configuration window.
  2. Work with your IdP (Identity Provider) team to ensure the correct endpoint is configured.
    • If using Site-specific SAML, make sure that the endpoint is pointing to a Site-Specific endpoint for each site instead of the Server wide SAML endpoint.
      • Server wide endpoint: https://<tableauserver>/wg/saml/SSO/index.html
      • Site-Specific endpoint:  https://<tableauserver>/samlservice/public/sp/sso?alias=<SpecificPerSiteAlias>
If using a reverse proxy, confirm that the reverse proxy is configured to send the correct host header.,



A discrepancy between the endpoint configuration on Tableau Server and the IdP.
Did this article resolve the issue?