Tableau Server With Proxy Or Azure Waf Fails To Authenticate With An Endless Loop In The Url

Published: 12 Aug 2020
Last Modified Date: 08 Jul 2022


Tableau Server with a proxy and/or Azure host with a configured SSO option (e.g. OpenID) is unable to sign users in. The signin/URL continues in loop. The suffix '/#/signin' or similar will appear and disappear in the URL, and the user will not be able to login.



  • Tableau Server
  • Proxy
  • Azure WAF


Work with your IT team to ensure that the XSRF (Cross-Site Request Forgery Prevention) cookie is not being changed, replaced or removed by the proxy or the Azure WAF.


The proxy or the Azure WAF is changing the XSRF cookie so that the SSO (Single Sign On)process fails to complete.

Additional Information

You may see the following error in vizportal log if the token is changed by the proxy or Azure WAF.
"Xsrf cookie in request does not match token from header. Cookie invalid."
Did this article resolve the issue?