KNOWLEDGE BASE

On SAML login for Tableau Server Error "Unable to Sign In - Invalid username or password" received


Published: 06 Jan 2023
Last Modified Date: 06 Jan 2023

Issue

When logging into a Tableau Server using SAML, after authentication with the Identity Provider, the Tableau Server gives an error page that says "Unable to Sign In" followed by "Invalid username or password" underneath.

Additionally, the authnresponse from the Identity Provider contains the following:

<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Responder\"><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\"/></samlp:StatusCode><samlp:StatusMessage>You are NOT authorized to access this Application.</samlp:StatusMessage><samlp:StatusDetail><Cause>org.sourceid.saml20.domain.AuthorizationException: You are NOT authorized to access this Application.</Cause></samlp:StatusDetail></samlp:Status>

Authnresponse is captured in:

  1. Network captures like Fiddler
  2. SAML trace utilities like Chrome SAML Tracer
  3. For Server-wide SAML, Tableau Server vizportal logs when vizportal.log.level is set to debug
  4. For Site-specific SAML, Tableau Server samlservice logs

Environment

  • Tableau Server 2021.1.4 and newer
  • SAML

Resolution

The Identity Provider needs to assign the user to the Tableau Server application. This action will require an Identity Provider administrator.

Cause

User is not granted permission to the Tableau Server application on the Identity Provider.
Did this article resolve the issue?