Tableau SAML auth

Paul B. Henson henson at cpp.edu
Wed Aug 31 19:06:53 EDT 2016


On Wed, Aug 31, 2016 at 07:17:37PM +0000, Cantor, Scott wrote:

> It's SAML, whether it's ADFS or Shibboleth. The issue is what they
> require, not the details of how any given IdP happens to produce it.

Granted; but the details of how to make the IdP I happen to use produce
it sure make *my* life easier ;).

> It's just badly worded.

Badly worded seems to be their forte. Another part of their
documentation says you must have "An RSA or DSA private key file that
is not password protected" and yet also "The certificate key file must have
the passphrase embedded in it" 8-/.

> value, and tell it to use that Name. If it turns out they don't
> support URI names, that would have to become clearer only after trying
> it and then you can switch to plan B.

Hmm. Yah, I guess we're going to try and feed it the attribute we
already have with a username in it and see what happens.

> > It also looks like it doesn't support encrypted assertions.
> 
> No, which is probably more common than supporting them at this point.

<sigh>. At least it's easy in v3 to turn it off.

For the archives, the metadata it generates includes an index and
isDefault attribute for the SingleLogoutService entry which it seems the
idp parser doesn't like. After stripping that out the rest seems to load
ok.

Well, my Windows colleague is just about done setting up his side, so I
guess it's about time to cross our fingers and see what happens on the
first try.

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768
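
The metadata cleanup described in the message above, as an added example that is not part of the original post and is not Tableau or Shibboleth code: in the SAML 2.0 metadata schema SingleLogoutService is a plain EndpointType, so `index` and `isDefault` are only valid on indexed endpoints such as AssertionConsumerService. The sample metadata, entityID and URLs are constructed, and the function also reports whether the file carried a signature, since any edit invalidates it.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Attributes defined only for IndexedEndpointType (e.g. AssertionConsumerService);
# a schema-validating parser rejects them on SingleLogoutService.
INDEXED_ONLY = ("index", "isDefault")

# Constructed sample SP metadata (hypothetical entityID and URLs).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://tableau.example.edu/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://tableau.example.edu/slo"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tableau.example.edu/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def clean_metadata(xml_text):
    """Strip index/isDefault from SingleLogoutService only.

    Returns (cleaned_xml, removed_attributes, was_signed).
    """
    ET.register_namespace("md", MD)
    ET.register_namespace("ds", DS)
    root = ET.fromstring(xml_text)
    removed = []
    for slo in root.iter("{%s}SingleLogoutService" % MD):
        for attr in INDEXED_ONLY:
            if attr in slo.attrib:
                removed.append((attr, slo.attrib.pop(attr)))
    # An enveloped ds:Signature no longer verifies after this edit, so the
    # cleaned file has to be trusted by how it was obtained, not by signature.
    was_signed = root.find(".//{%s}Signature" % DS) is not None
    return ET.tostring(root, encoding="unicode"), removed, was_signed


if __name__ == "__main__":
    cleaned, removed, was_signed = clean_metadata(SAMPLE)
    print(cleaned)
    print("removed:", removed, "| originally signed:", was_signed)
```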

