When you use Tableau in an enterprise setup, you might want to bypass authentication for the users, especially if there is already some way you can identify your users, using an AD/portal login.
Technical details about Trusted authentication with Tableau can be found here .
My Tableau environment setup
Tableau version 9.1
Windows Server 2012
IIS Server running on the same system (ideally it will be on a separate machine, but hey - this is just a demo)
Required access and tools
Tableau admin access to create generic user and modify view access
MS Visual Studio for creating a ASP.NET Application
Here are the steps taken for to enable Tableau Authentication (as outlined by Tableau docs here and here):
Technical details about Trusted authentication with Tableau can be found here .
My Tableau environment setup
Tableau version 9.1
Windows Server 2012
IIS Server running on the same system (ideally it will be on a separate machine, but hey - this is just a demo)
Required access and tools
Tableau admin access to create generic user and modify view access
MS Visual Studio for creating a ASP.NET Application
Here are the steps taken for to enable Tableau Authentication (as outlined by Tableau docs here and here):
- Create a generic user account in Tableau server, lets call the user TabGenericUser.
- Assign TabGenericUser read-only access to a few views in our server.
- Find the IP address of the application server where the web server will reside (in our case it is localhost, as it's the same server where Tableau is hosted)
- Add Trusted IP Addresses or Host Names to Tableau Server. This step is outlined here.
- Remember that in this flow, the client no longer logs on to the Tableau server directly, but through the web server. Although we wrote the portal in ASP.NET, it could just as easily be written in a language of your choice. The function of the portal/web server would be to :
- Receive requests from client browser.
- Connect to Tableau server as TabGenericUser for an authentication request. Tableau server identifies the request as originating from a trusted IP (as configured in step 4).
- Receive an authentication ticket that can be used to access reports on the server. Note that only those views can be accessed to which TabGenericUser has access.
- Construct a URL of the requested report. This URL includes the authentication ticket issued by the server.
- Web Server can now serve up the report in the browser directly (using script tag or an iframe).
- Optionally, client IP matching can be done for additional security (as shown here)
The ASP.NET application code for getting the Tableau Authentication ticket :
private string GetTableauAuthenticationTicket()
{
var request = (HttpWebRequest)WebRequest.Create(hostName+"/trusted");
var encoding = new UTF8Encoding();
var postData = "username=" + userName; //userName = "TabGenericUser"
byte[] data = encoding.GetBytes(postData);
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = data.Length;
using (var stream = request.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}
var response = (HttpWebResponse)request.GetResponse();
return new StreamReader(response.GetResponseStream()).ReadToEnd();
}
Once the authentication ticket is returned by this method, you can use it to construct your view-URL like so:
http://TABLEAU_SERVER:PORT/trusted/<ticket>/views/<workbook>/<view>
OR, if you have multiple sites in your Tableau server, specify the site explicitly :
http://TABLEAU_SERVER:PORT/trusted/<ticket>/t/Sales/views/<workbook>/<view>
Feel free to comment if you have any follow-up questions, or if any specific step needs further explanation. You can also reach me on twitter @shafeeqrtk .
Nice post ,keep update at
ReplyDeleteTableau Online Course