tabauth is a thin wrapper service over Tableau Server's Trusted Authentication Endpoint that allows other servers, to authenticate using BasicAuth over https. tabauth removes any requirement for consuming applications to have static IP addresses.
Usage of ./tabauth:
-bind string
the address to bind the tabauth server to (default "0.0.0.0:1443")
-endpoint string
the url for tableau server (default "http://localhost")
These instuctions presume that you are running tabauth on the same server as Tableau Server. If you are running tabauth on another server, you will need to ensure that you have a static ip addess, and modify the instuctions for setting up Tableau Server appropriately.
This program is designed to be portable, so does not include any Windows Service
functionality. We recommend running it with NSSM.
Prebuilt binaries for Windows/amd64 are avalible on the releases page
- Create
C:\Program Files\tabauth\
(for example, put it wherever you like, but if its not here you may have to mess with permissions) - Copy
tabauth.exe
toC:\Program Files\tabauth\
- Copy
cert.pem
andkey.pem
toC:\Program Files\tabauth\
, you may be provided these by your CA or can generate your own self-signed certificate - Add accounts.json to
C:\Program Files\tabauth
example - Setup the service using nssm:
nssm install tabauth 'C:\Program Files\tabauth\tabauth.exe' '-endpoint=https://tableau.reevoo.com' '-bind=:1443'
You may also want to adjust details like Logging etc:
nssm edit tabauth
Then start the service
nssm start tabauth
In order for Tableau Server to "trust" tabauth, we need to configure it thus:
- Get to the tabadmin command -
cd C:\Program Files\Tableau\Tableau Server\9.1\bin
- Stop tableau server -
tabadmin stop
- Set localhost as trusted -
tabadmin set wgserver.trusted_hosts "yourhost"
- Reload config files -
tabadmin config
- Restart tableau server
tabadmin start
You can request an access ticket for any user on your Tableau server:
$ curl --user user:password https://your-tableau-server/user/user-name/ticket
1gfuPluHbQbRv-VVNr44ecTH
You may restrict the tickets use by client IP address:
$ curl --user user:password https://your-tableau-server/user/user-name/ticket?client_ip=10.10.10.10
vgLDqQwHx_09iiUUDZwFPacZ
If want to do this you will need to configure Tableau Server to check the client IP on redeeming the ticket.
tabadmin set wgserver.extended_trusted_ip_checking true
tabadmin configure
tabadmin restart
If you are using a site other than the default one, you will need to specify a site id
$ curl --user user:password https://your-tableau-server/user/user-name/ticket?site_id=a4134fe9-d7ee-6783-88e9-a5eeb1f40476
vgLDqQwHx_09iiUUDZwFPacZ
You need go:
On OSX With Homebrew:
brew install go
Or follow these instructions for other platforms
This project is tested
You can run the tests from the command line:
$ go test
`
## Building
To build the `.exe` for windows:
Make sure you have go 1.5+ installed:
```bash
$ go version
go version go1.5 darwin/amd64
Then you can cross compile for windows, by setting GOOS and GOARCH appropriately
$ env GOOS=windows GOARCH=amd64 go build tabauth.go
This software is licenced under The MIT License (MIT)