SAML Login Failed With Error "Invalid username or password" And SAML Error "Relying Party Registration not found" Displays In The Vizportal Logs

Published: 21 May 2021
Last Modified Date: 21 May 2021


SAML authentication fails with the error message "Invalid username or password". And SAML error "Relying Party Registration not found" displays in the vizportal-<n>.log.

Example of errors:

  • In Web Browser:

Unable to Sign In
Invalid username or password


  • In vizportal-<n>.log:

// ziplogs\node1\vizportal_0.20204.21.0217.12032796448277247282360\logs\vizportal_node1-0.log.2021-04-06
2021-04-06 17:30:41.689 +0900 (-,-,-,YGwcMcSejrfeFts3UbUqBQAAAAU,62006ec2-59b4-4f06-8e36-2d696be10884) catalina-exec-5 auth_saml: INFO  com.tableausoftware.samlauthentication.handlers.SAMLAuthenticationFailureHandler - SAML Authentication Failed, the SAML Response from the IdP was not valid: [relying_party_registration_not_found] Relying Party Registration not found Relying Party Registration not found.
2021-04-06 17:30:41.689 +0900 (-,-,-,YGwcMcSejrfeFts3UbUqBQAAAAU,62006ec2-59b4-4f06-8e36-2d696be10884) catalina-exec-5 auth_saml: INFO  com.tableausoftware.samlauthentication.handlers.SAMLAuthenticationFailureHandler - SAML login failed, redirecting user to /#/error/signin/16?redirectPath=/wg/saml/logout/index.html



  • Tableau Server
  • SAML


Verify and make sure the IdP's entityID value in the metadata file and the value output in the vizportal log matches.
If they don't match, modify and correct the metadata file, reupload the setting file and restart Tableau Server as described in the Online help below.

1. IdP entityID in the IdP’s metadata imported to Tableau Server. See "Return to the TSM web UI. For Step 4 in the GUI, enter the path to the IdP metadata file, and then click Select File" for more information. 
Example of IdP's metadata:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="<IdP's entityID>" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

2. IdP entityID (SAML Issuer) that actually returned SAML response
Note the SAML response only shows in debug level vizportal-<n>.log.
Example of debug level vizportal-<n>.log:
2021-05-17 08:42:52.306 +0900 (-,-,-,YKGt-N5GvHne@nSFd230EwAAABI,e1fc5233-17e3-4c48-bf11-9080c4b15031) catalina-exec-4 auth_saml: DEBUG com.tableausoftware.samlauthentication.filters.SAMLAuthenticationProcessingFilter - Processing the SAML Authentication attempt.
2021-05-17 08:42:52.307 +0900 (-,-,-,YKGt-N5GvHne@nSFd230EwAAABI,e1fc5233-17e3-4c48-bf11-9080c4b15031) catalina-exec-4 auth_saml: DEBUG - <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s2e7228b43916e3a98d52152d64179587c1cda4dd1" InResponseTo="ARQ53ed66d-b501-4ccb-8dbc-cea3cd99b1c3" Version="2.0" IssueInstant="2021-05-16T23:42:52Z" Destination="<Tableau Server URL>/wg/saml/SSO/index.html"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><IdP's entityID></saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
2021-05-17 08:42:52.398 +0900 (-,-,-,YKGt-N5GvHne@nSFd230EwAAABI,e1fc5233-17e3-4c48-bf11-9080c4b15031) catalina-exec-4 auth_saml: DEBUG com.tableausoftware.samlauthentication.filters.SAMLIdPMessageProcessor - Calculated relying party as <IdP's entityID>
2021-05-17 08:42:52.399 +0900 (-,-,-,YKGt-N5GvHne@nSFd230EwAAABI,e1fc5233-17e3-4c48-bf11-9080c4b15031) catalina-exec-4 auth_saml: DEBUG com.tableausoftware.samlauthentication.filters.SAMLAuthenticationProcessingFilter - Authentication request failed: Saml2AuthenticationException{error=[relying_party_registration_not_found] Relying Party Registration not found} Relying Party Registration not found


  • The IdP entityID (SAML Issuer) in the SAML response does not match the entityID in the IdP's metadata that was imported into Tableau Server.
  • Since Tableau Server receives and verifies if it's a valid SAML response based on settings, this is an IdPs metadata mismatch issue. For more information, see the SAML flow (Step 4 ~ Step 5) in SAML.

Additional Information

  • To log SAML-related details, vizportal.log.level needs to be set to the debug level:
1. tsm configuration set -k vizportal.log.level -v debug
2. tsm pending-changes apply
3. Attempt SAML login
4. Check the vizportal_node1-0.log
  • Windows: %PROGRAMDATA%\Tableau\Tableau Server\data\tabsvc\logs\vizportal\vizportal_node1-0.log
  • Linux: /var/opt/tableau/tableau_server/data/tabsvc/logs/vizportal/vizportal_node1-0.log
  • After troubleshooting, run the following command to reset the vizportal.log.level to default:
1. tsm configuration set -k vizportal.log.level -d 
2. tsm pending-changes apply
Did this article resolve the issue?