trustedAuthenticationSettings Entity
Before you configure trusted authentication, review Trusted Authentication.
Use the configuration file template below to create a json file. After you have filled in the options with the appropriate values, pass the json file and apply settings with the following commands:
tsm settings import -f /path/to/file.json
tsm pending-changes apply
If the pending changes require a server restart, the pending-changes apply
command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case, there is no restart. You can suppress the prompt using the --ignore-prompt
option, but this does not change the restart behaviour. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.
Configuration template
Use this template to configure trusted authentication settings.
Important: All entity options are case sensitive.
For more explanation about configuration files, entities and keys see Configuration File Example.
After you have finished with the initial configuration of trusted authentication, use the tsm authentication trusted <commands> sub-category to set additional values.
{ "configEntities": { "trustedAuthenticationSettings": { "_type": "trustedAuthenticationSettingsType", "trustedHosts": ["webserv1","webserv2","webserv3"] } } }
Configuration file reference
The following list includes all of the options that can be included with the "trustedAuthenticationSettings"
entity set.
- trustedHosts
Required.
IP address or host names of web servers that request trusted tickets from Tableau Server.
This option takes a list of strings, which requires passing each IP or host in quotes, separated by a comma (no space) and within brackets. For example:
["192.168.1.101","192.168.1.102","192.168.1.103"]
or["webserv1","webserv2","webserv3"]
.The values you specify overwrite previous settings. Therefore, you must include the full list of hosts when you configure this value.
- tokenLength
Optional.
The value can be set to any integer between 9 and 255, inclusive.
Determines the number of characters in each trusted ticket. The default setting of
24
characters provides 144 bits of randomness. This option is ignored unlessuseV2Tickets
is set totrue
, which is not a recommended best practice.
- logLevel
Optional.
all
|debug
|info
|warn
|error
|fatal
|off
Default:
info
Specifies logging level for processes related to creating and redeeming trusted tickets. See Change Logging Levels.
- timeoutInSeconds
Optional.
Default:
180
Specifies the length of time (in seconds) to invalidate trusted tickets after they are created.
- tryCount
Optional.
Integer.
Default:
10
Specifies the number of times to attempt to create a trusted ticket entry.
- use9DigitToken
Optional.
true
|false
Default:
false
When set to
true
, tickets are 9 digits long (as in version 8.0 and earlier) and the optiontokenLength
is ignored. This option is intended for temporary support of legacy code.Warning: Setting this option to
true
severely and negatively impacts the security strength of trusted ticket authentication.
- useV2Tickets
Optional.
true
|false
Default:
false
Specifies whether Tableau Server should return a legacy URL format for trusted ticket requests. The legacy URL format includes a 24 character, Base64-encoded string. Beginning with Tableau Server 10.3, the URL that is returned has been updated and includes a Base64-encoded UUID and a 24 character secure random string. Only set option this to
true
if you have deployed trusted tickets with custom code that requires the legacy URL format. We recommend instead, updating your custom code to accept the new URL format.