OneLogin SAML assertion - does it authenticate the user for the app specified

0
votes

I am trying to build an app in Laravel that uses the OneLogin API to provide a seamless integration with their data. Part of the users' data is displayed in an embedded Tableau view (hosted on Tableau Online).

  • I have successfully added the Tableau app in OneLogin.
  • I have also setup the SAML authentication - working
  • Laravel app can get a token and assertion via API from OneLogin

My understanding is that the SAML assertion is supposed to authenticate the user whose details were sent as part of the assertion, however, after receiving the assertion and redirecting to the view with the embedded Tableau view, the user is prompted to log in.
This kind of defeats the purpose of the assertion.

User prompted to log in:

User prompted to log in

Application storage:

Application storage

Am I missing (misusing) the purpose of the assertion?
Should the assertion be added to the session?
How can I authenticate the user once without having them providing credentials for all the services used in the app?

1
laraveltableau-apisamlonelogin
Is the user prompted to login to Tableau Online or to the data source (ie database password)? A screen shot might help. And I'm assuming you've followed the SAML-Tableau online integration steps at onlinehelp.tableau.com/current/online/en-us/….Sam M
Evening Sam. Yes, th euser is prompted to log in to Tableau. If I change the settings on Tableau to allow only OneLogin, the user also gets promted to enter their credentials, but then the OneLogin "Home" screen gets loaded into the iframe. Will add a screen shot asapavn
Yes, I have also followed the steps, I can access tableau from OneLogin portal.avn

1 Answers

0
votes

I think you missed to enable iframe embedding.

When you enable SAML on your site, you need to specify how users sign in to access views embedded in web pages. These steps configure OneLogin to allow your OneLogin dashboard to be embedded into an inline frame (iFrame) on another site. Inline frame embedding may provide a more seamless user experience when signing-on to view embedded visualizations. For example, if a user is already authenticated with your identity provider and iFrame embedding is enabled, the user would seamlessly authenticate with Tableau Server when browsing to pages that contain an embedded visualizations.

Reference: https://onlinehelp.tableau.com/current/online/en-us/saml_config_onelogin.htm#enable-iframe-embedding