TSM Application Server Does Not Start After Configuring SAML

Published: 28 Sep 2018
Last Modified Date: 16 Jan 2019


After configuring server wide SAML in Tableau Server 2018.2 on CentOS 7.5, the application server will not start.


  • Tableau Server 2018.2.0
  • CentOS 7.5
  • TSM
  • Linux


Option 1

Change the existing certificate extension to .crt

Option 2

Create a self-signed certificate to confirm that the issue is, in fact with the certificate:

Please note that below solutions should only be used until a commercial cert can be obtained.  Please see our “Configure SSL for External HTTP Traffic to and from Tableau Server” article for more information.

If using Linux:

  1. Create the .Key File:
    openssl genrsa -out <yourcertname>.key 4096
  2. Create the .csr File:
    openssl req -new -key <yourcertname>.key -out <yourcertname>.csr
  3. Create the .crt File:\
    openssl x509 -req -days 1825 -in <yourcertname>.csr -signkey <yourcertname>.key -out <yourcertname>.crt

If using Windows:

  1. Navigate to C:\Program Files\Tableau\Tableau Server\<version>\apache\bin
  2. Create the .Key File:

    openssl.exe genrsa -out <yourcertname>.key 4096
  3. Create the .csr File:
    openssl.exe req -new -key <yourcertname>.key -out <yourcertname>.csr -config ..\conf\openssl.cnf
  4. Create the .crt File:
    openssl.exe x509 -req -days 1825 -in <yourcertname>.csr -signkey <yourcertname>.key -out <yourcertname>.crt 


The cause can be related to one, or both of the following:
  • The certificate may have been corrupted in transport, during editing, or at some other time.
  • The certificate uses a .cert extension instead of the .crt extension that we list in our documentation as a requirement (Note that in most cases a .cert extension will work in Windows but not in Linux)

Additional Information

You will likely see the following error stack in the vizportal_node logs:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.tableausoftware.domain.user.saml.TabKeyManager]: Constructor threw exception; nested exception is Could not parse certificate: Illegal header:

Discuss this article... Feedback Forum
Did this article resolve the issue?