
SAML Redirect Loop Occurs When Signing In With Safari On iOS


Published: 17 Jul 2020
Last Modified Date: 17 Jul 2020

Issue

When signing in with SAML authentication using Safari on iOS, after the user submits valid credentials (username and password) to the IdP, the user is stuck in a redirect loop between the IdP and Tableau Server.



Additionally, the vizportal logs (set to debug mode) contain the following messages:
2020-07-07 17:22:18.011 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - Request received: /v1/getSessionInfo
2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: DEBUG com.tableausoftware.api.webclient.WebClientApiController - WebClient API: Request for method 'getSessionInfo' received
2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: WARN AuthNResponse- No xsrf header was found in request.
2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: INFO  com.tableausoftware.api.webclient.remoting.AuthenticatedUserCallInterceptor - WebClient: called API method has parameter of IAuthenticatedUser type, but when called there was no logged in user. Responding with 'InvalidSessionException'.
2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: DEBUG com.tableausoftware.core.util.RemoteIP - Found header https in X-FORWARDED-PROTO
2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: INFO  com.tableausoftware.api.webclient.WebClientApiController - com.tableausoftware.domain.exceptions.InvalidSessionException: Session not found. (errorCode=46)
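
A triage check for the log signature above, as an added example that is not part of the original article or of Tableau's tooling: it groups vizportal lines by request and flags requests that log both the missing-XSRF warning and the errorCode=46 session error. It assumes the fourth field of the parenthesised context is the per-request ID; the second and third sample requests are constructed.

```python
import re

# Layout: timestamp, UTC offset, (context tuple), thread, "vizportal:", level, message
LINE_RE = re.compile(
    r"^(\S+ \S+) ([+-]\d{4}) \(([^)]*)\) (\S+) vizportal: (\w+)\s+(.*)$")
NO_XSRF = "No xsrf header was found in request"
NO_SESSION = "InvalidSessionException: Session not found. (errorCode=46)"


def find_loop_requests(lines):
    """Return request IDs that logged both the missing-XSRF warning and the
    'Session not found' (errorCode=46) error, in first-seen order."""
    flags = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # stack-trace or other continuation line
        ctx = m.group(3).split(",")
        if len(ctx) < 4:
            continue
        # Assumption: the 4th context field is the per-request ID.
        seen = flags.setdefault(ctx[3], set())
        msg = m.group(6)
        if NO_XSRF in msg:
            seen.add("xsrf")
        if NO_SESSION in msg:
            seen.add("session")
    return [rid for rid, seen in flags.items() if seen == {"xsrf", "session"}]


# First request: lines from the excerpt above. The other two are constructed.
P1 = ("2020-07-07 17:22:18.012 +0900 (-,-,-,XwQwuuMrQ32x-9sz4swDSgAAAf8,"
      "5:-53c415fc:1732820e438:-7c08) catalina-exec-10 vizportal: ")
P2 = "2020-07-07 17:22:19.100 +0900 (-,-,-,CONSTRUCTED-REQ-0001,0:0:0:0) catalina-exec-11 vizportal: "
P3 = "2020-07-07 17:22:20.200 +0900 (-,-,-,CONSTRUCTED-REQ-0002,0:0:0:0) catalina-exec-12 vizportal: "
SAMPLE = [
    P1 + "WARN AuthNResponse- No xsrf header was found in request.",
    P1 + "INFO  com.tableausoftware.api.webclient.WebClientApiController - "
         "com.tableausoftware.domain.exceptions.InvalidSessionException: "
         "Session not found. (errorCode=46)",
    P2 + "INFO  com.tableausoftware.app.vizportal.LoggingInterceptor - "
         "Request received: /v1/getSessionInfo",
    P3 + "WARN AuthNResponse- No xsrf header was found in request.",
]

if __name__ == "__main__":
    print(find_loop_requests(SAMPLE))
```

Many flagged request IDs in quick succession from the same client are consistent with the loop described in this article; a single flagged request can also be an ordinary expired session.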

Environment

  • Tableau Server
  • iOS
  • Safari

Resolution

Option 1:
Update iOS and make sure Safari is the latest version.

Option 2:
Try other web browsers (e.g. Chrome or Firefox) on iOS.

Cause

Older Safari versions may not send the cookies that Tableau Server's cross-site request forgery (XSRF) protection depends on.
For more information, see Safari Technology Preview Release Notes, Release 77: "Fixed Same-Site Lax cookies to be sent with cross-site redirect from a client-initiated load".