Test Trusted Authentication


The steps below provide a method you can use to test retrieving a trusted ticket from your web server. This simple test can help evaluate connectivity between the web server and Tableau Server, and whether or not trusted authentication has been configured correctly.

Important: The test code provided in this topic runs client-side in the browser to provide a quick, visual validation that trusted authentication is configured correctly on Tableau Server. If the client browser loading the html page is not on the trusted web server, you may have to temporarily trust the client IP. In practice, you should never trust client IP addresses as part of your trusted authentication configuration. All trusted IP addresses are able to request tickets as any user including your administrator. In a production environment, all trusted authentication flows should run server-side, between Tableau Server and the trusted web server(s) only.

Because the test is run on a client browser, the test isn't an exact replica of the communication path in a production environment. After successfully running the test, we recommend that you then test requesting tickets for your users with a server-side post request for final verification.

An alternative testing method is to run a trusted ticket generator to test your configuration. The following URL references a trusted ticket generator that is not supported by Tableau. However the generator has been used by many customers to test their trusted ticket configuration: https://github.com/mkannan-tsi/Trusted-Ticket-Generator(Link opens in a new window).

Step 1: Add a test user

Create a user on the Tableau Server that you can use to test trusted ticket functionality. See Add Users to Tableau Server. Add that user to a site on the server, and set the user's site role to Explorer.

Step 2: Create a test HTML page

Paste the following code into a new .html file that you save on the Tableau Server machine where you're performing the test from. You can change the labels and style attributes as you prefer.

<html>
<head>
<title>Trusted Ticket Requester</title>
<script type="text/javascript">
  function submitForm(){
    document.getElementById('form1').action =
    document.getElementById('server').value + "/trusted";
  }
</script>
<style type="text/css">
  .style1 {width: 100%;}
  .style2 {width: 429px;}
  #server {width: 254px;}
</style>
</head>
<body>
<h3>Trusted Ticketer</h3>
<form method="POST" id="form1" onSubmit="submitForm()">
  <table class="style1">
    <tr>
      <td class="style2">Username</td>
      <td><input type="text" name="username" value="" /></td>
    </tr>
    <tr>
      <td class="style2">Server</td>
      <td><input type="text" id="server" name="server" value="https://" /></td>
    </tr>
    <tr>
      <td class="style2">Client IP (optional)</td>
      <td><input type="text" id="client_ip" name="client_ip" value="" /></td>
    </tr>
    <tr>
      <td class="style2">Site (leave blank for Default site; otherwise enter the site name)</td>
      <td><input type="text" id="target_site" name="target_site" value="" /></td>
    </tr>
    <tr>
      <td class="style2"><input type="submit" name="submittable" value="Get Ticket" /></td>
      <td>&#160;</td>
    </tr>
  </table>
</form>
<h4>Be sure to add your IP as a Trusted IP address to the server</h4>
</body>
</html>

Step 3: Retrieve a trusted ticket from Tableau Server

The following procedure will return a trusted ticket from Tableau Server.

  1. Open the web page that you created in the previous step.

    This operation requires JavaScript, so the web browser might prompt you to allow scripts to run.

  2. In the text boxes, enter the following:

    • Username: The test user that was created in Step 1.
    • Server: the address of your Tableau Server, e.g., https://<server_name>.
    • Client IP (optional): The IP address of the user's computer, if it's configured for client trusted IP matching.
    • Site: The name of the Tableau Server site that the test user is a member of.

  3. Click Get Ticket. One of the following will be returned:

    • A unique ticket: A trusted ticket is a string composed of a base64-encoded UUID and a 24-character random string, for example, 9D1OlxmDQmSIOyQpKdy4Sw==:dg62gCsSE0QRArXNTOp6mlJ5.
    • -1: If the value, -1 is returned, the configuration contains an error. See Ticket Value of -1 Returned from Tableau Server.

Step 4: Test access with trusted ticket

Now that you have a ticket, you can use it to access content on Tableau Server.

Construct a URL with the unique ticket that you generated in the previous step to verify access with the trusted ticket. The URL syntax is different if you are accessing a Tableau Server with a single site vs a server that hosts multiple sites.

Default site server URL

https://<server_name>/trusted/<unique_ticket>/views/<workbook_name>/<view_name>

Non-default site server url

https://<server_name>/trusted/<unique_ticket>/t/<site_name>/views/<workbook_name>/<view_name>

Variables in the URLs are indicated by angle brackets (< and >). All other syntax is literal.

Back to top
Thanks for your feedback!Your feedback has been successfully submitted. Thank you!