Error: "The sign-in was unsuccessful" and "Response has invalid status code" When Attempting to Login to Tableau Online using ADFS SAML

Published: 06 Oct 2017
Last Modified Date: 09 Nov 2020


When attempting to login to Tableau Online using SAML with AD FS, the following error occurs: 

The sign-in was unsuccessful. Try again. 

The below error also displays in the tableau_authentication log (found under Step 7 when configuring SAML on Tableau Online). 

Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null 


  • Tableau Online
  • SAML
  • AD FS as IdP


Try the below options, in the following order, to resolve the issue:

Option 1
  1. Configure an additional AD FS relying party identifier.
  2. In AD FS Management, in the Relying Party Trusts list, right-click on the relying party you created for Tableau Online, and click Properties
  3. On the Identifiers tab, in the Relying party identifier box, enter and then click Add.
  4. Select Apply and OK, then attempt to login. 

Option 2
  1. Turn off AD FS assertion encryption for the relying party. Note that Tableau Online does not currently support assertion encryption.
  2. On the AD FS server, use Windows PowerShell to run the following command, replacing <MyRelyingPartyName> in the example command below to the name of the ADFS relying party display name:
Set-ADFSRelyingPartyTrust -TargetName <MyRelyingPartyName> -EncryptClaims 0
  • Note: If you receive the error "Set-ADFSRelyingPartyTrust Cmdlet cannot be found", you must add the AD FS PowerShell snap-in. At the command prompt type the below, and repeat this step. 
Add-PSSnapin Microsoft.Adfs.PowerShell

Option 3
  1. Remove any unsupported binding types (HTTP-Redirect, HTTP-SOAP, etc) from the IdP metadata.
  2. Re-import the metadata.xml to Tableau Online. (See SAML Requirements for Tableau Online for supporting information)

Option 4
  1. The following error occurs in the AD FS logs: "ID4037: The key needed to verify the signature could not be resolved from the following security key identifier 'SecurityKeyIdentifier'"
  2. Follow steps 1-3 on Configure SAML with AD FS to correct a mismatch in certificates on the IdP and Tableau Online. 

Option 5
Contact your IdP provider for assistance with investigation as to why the SAML response is throwing a Responder status instead of Success, as they are the best resource for determining what about the exchange they are not configured to accept.


The IdP is not properly configured to send a valid authentication response to Tableau Online. 

Additional Information

Please refer to this Microsoft article for additional information.

Note: While we make every effort to keep references to third-party content accurate, the information provided might change without notice. 

Discuss this article... Feedback Forum
Did this article resolve the issue?