Menu
    KNOWLEDGE BASE

    SAML Login Fails with a Blank Screen and "Server Down (errorCode=100081)" can be Found In Logs

    Published: 06 Apr 2018
    Last Modified Date: 31 May 2018

    Issue

    When accessing Tableau Server with SAML authentication, SAML authentication fails with a blank screen and an error similar to the following can be seen in the Vizportal log:

    <date & time> (,,,,) catalina-exec-4 : ERROR com.tableausoftware.domain.user.saml.SAMLExtendedProcessingFilter - SAML Authentication Failed, please contact the administrator.
    com.tableausoftware.domain.ldap.LdapConnectException: Server Down (errorCode=100081)


     

    Environment

    • Tableau Server
    • Active Directory Authentication
    • LDAP
    • SAML Authentication

    Resolution

    Work with your Idp (Identity Provider) team to ensure the username attribute is not being passed using the email address for the user.

    Cause

    Tableau Server does not allow logging in with email as the username for AD/LDAP users. This is not a valid way to sign in using Active Directory on windows or Linux server. 

    Additional Information

    Enable vizportal debug level logging and review the AuthNResponse from the IdP.

    In this example the username attribute is in the incorrect format:
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">username@emaildomain.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

    In this example the username is in the correct format:
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">username</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

    In this example, the username and domain are passed is in the correct format:
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">ad-domain/username</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

    Or alternately:
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">username@ad-domain</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
    Did this article resolve the issue?    
    PRINT THIS PAGE
    Related Links
    Changing Logging Levels
    Attachments

    All Support

    SUPPORT BY PRODUCT
    TOOLS & DOWNLOADS
    INFORMATION
    ASSISTANCE