KNOWLEDGE BASE

TSM Application Server Does Not Start After Configuring SAML


Published: 28 Sep 2018
Last Modified Date: 17 Oct 2018

Issue

After configuring server wide SAML in Tableau Server 2018.2 on CentOS 7.5, the application server will not start.

Environment

  • Tableau Server 2018.2.0
  • CentOS 7.5
  • TSM
  • Linux

Resolution

Option 1

Change the existing certificate extension to .crt

Option 2

Create a self-signed certificate to confirm that the issue is, in fact with the certificate:

Please note that below solutions should only be used until a commercial cert can be obtained.  Please see our “Configure SSL for External HTTP Traffic to and from Tableau Server” article for more information.

If using Linux:

  1. Create the .Key File:
    openssl genrsa -out <yourcertname>.key 4096
    
  2. Create the .csr File:
    openssl req -new -key <yourcertname>.key -out <yourcertname>.csr
    
  3. Create the .crt File:\
    openssl x509 -req -days 1825 -in <yourcertname>.csr -signkey <yourcertname>.key -out <yourcertname>.crt
    

If using Windows:

  1. Navigate to C:\Program Files\Tableau\Tableau Server\<version>\apache\bin
  2. Create the .Key File:

    openssl.exe genrsa -out <yourcertname>.key 4096
    
  3. Create the .csr File:
    openssl.exe req -new -key <yourcertname>.key -out <yourcertname>.csr -config ..\conf\openssl.cnf
    
  4. Create the .crt File:
    openssl.exe x509 -req -days 1825 -in <yourcertname>.csr -signkey <yourcertname>.key -out <yourcertname>.crt 

Cause

The cause can be related to one, or both of the following:
  • The certificate may have been corrupted in transport, during editing, or at some other time.
  • The certificate uses a .cert extension instead of the .crt extension that we list in our documentation as a requirement (Note that in most cases a .cert extension will work in Windows but not in Linux)

Additional Information

You will likely see the following error stack in the vizportal_node logs:
 
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Illegal header:

 
Did this article resolve the issue?