This topic describes how to configure Tableau Server to use OpenID Connect (OIDC) for single sign-on (SSO). This is one step in a multi-step process. The following topics provide information about configuring and using OIDC with Tableau Server.
OpenID Connect Overview
Configure Tableau Server for OpenID Connect (you are here)
Open TSM in a browser: https://<tsm-computer-name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.
Click User Identity & Access on the Configuration tab and then click Authentication Method.
Under Authentication Method, select OpenID Connect in the drop-down menu.
Under OpenID Connect, select Enable OpenID authentication for the server.
Enter the OpenID configuration information for your organization:
Note: If your provider relies on a configuration file hosted on the local computer (rather than a file hosted at a public URL), you can specify the file with the tsm authentication openid <commands>. Use the --metadata-file <file_path> option to specify a local IdP configuration file.
Click Save Pending Changes after you've entered your configuration information.
Click Pending Changes at the top of the page:
Click Apply Changes and Restart.
The procedure in this section describes how to use the TSM command line interface to configure OpenID Connect. You can also use a configuration file for the initial configuration of OpenID Connect. See openIDSettings Entity.
Use the configure command of tsm authentication openid <commands> to set the following required options:
--client-id <id>: Specifies the provider client ID that your IdP has assigned to your application. For example, "xxxkjwdlnaoiloadjkwha".
--client-secret <secret>: Specifies the provider client secret. This is a token that is used by Tableau to verify the authenticity of the response from the IdP. This value is a secret and should be kept securely. For example, "xxxhfkjaw72123=".
--config-url <url> or --metadata-file <file_path>: Specifies the location of the provider configuration JSON file. If the provider hosts a public JSON discovery file, then use --config-url. Otherwise, specify a path on the local computer and file name for --metadata-file instead.
--return-url <url>: The URL of your server. This is typically the public name of your server, such as "http://example.tableau.com".
For example, run the command:
tsm authentication openid configure --client-id "xxxkjwdlnaoiloadjkwha" --client-secret "xxxhfkjaw72123=" --config-url "https://example.com/openid-configuration" --return-url "http://tableau.example.com"
There are additional, optional configurations that you can set for OpenID Connect using either openIDSettings Entity or tsm authentication openid <commands>. In addition, if you need to configure IdP claim mapping, see Options for openid map-claims.
Type the following command to enable OpenID Connect:
tsm authentication openid enable
Run tsm pending-changes apply to apply changes.
If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.
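A pre-flight check for the provider configuration JSON that --config-url or --metadata-file points to, as an added example that is not part of the Tableau documentation or tooling. It assumes the file follows OpenID Connect Discovery 1.0; the function name, the sample document and the idp.example.com host are constructed for illustration, and the checks reflect the Discovery specification rather than anything Tableau Server is documented to enforce.

```python
import json
import sys
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint: unless implicit-only).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
# Values that are URLs; plain http would expose codes, tokens or keys in transit.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")

# Constructed sample document, not a real provider's metadata.
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}


def check_discovery(doc):
    """Return a list of problems found in a parsed discovery document."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    for key in [k for k in URL_FIELDS if k in doc]:
        try:
            parts = urlsplit(doc[key])
            ok = parts.scheme == "https" and bool(parts.netloc)
        except (ValueError, TypeError, AttributeError):
            ok = False
        if not ok:
            problems.append(f"{key} is not an https URL")
        elif key == "issuer" and (parts.query or parts.fragment):
            problems.append("issuer contains a query or fragment")
    algs = doc.get("id_token_signing_alg_values_supported")
    if isinstance(algs, list) and "none" in algs:
        problems.append("alg 'none' advertised: confirm unsigned ID tokens are refused")
    return problems


if __name__ == "__main__":
    # Usage: python check_discovery.py <file_path>  (the file given to --metadata-file)
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_discovery(json.load(fh))
    print("\n".join(found) or "no problems found")
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can gate the tsm authentication openid configure step in a deployment script.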