Guide to Tableau Server: Blog Posts and Tableau's Trusted Authentication

It has become common practice among site administrators, analysts and developers alike to use Tableau's JavaScript API to embed custom content into websites and blog posts.  Further interest has surrounded the ability to skip Tableau's server-side login and allow open access to embedded content owned by the administrator and hosted through their licensed Tableau Server.  When configured properly, Tableau's Trusted Authentication System offers this capability.  This post goes through the three-step process of establishing a trusted relationship with Tableau Server using WordPress and PHP.

Step 1: Set up your TRUSTED HOSTS

Tableau Server uses the tabadmin module to load trusted IP addresses into its internal list of trusted hosts.  Specifically, any requests sent by a trusted host will be excused from server login.  To add your website's host machine to Tableau's trusted hosts, access tabadmin from your server's command-line interface and execute:

bin> tabadmin set wgserver.trusted_hosts "<ip address>, <ip address>, ..."

where the quoted argument is a comma-separated list of the IP addresses to be added to the internal hosts list.  With the list complete, restart Tableau Server with:

bin> tabadmin restart

Your host machine is now a trusted host.


Adding the host machine to Tableau's list of trusted hosts does not allow for the unchecked rendering of Tableau content per se, but rather allows for the requesting and receiving of "trusted tickets" between the server and your machine.  A ticket is a nine-digit verification string Tableau Server uses to verify that the host machine is indeed trusted.  When a remote request for content is sent to the server, the server checks for the machine's address in its list of trusted hosts.  If there is a match, the server sends a ticket in response.  The host wraps the ticket in a custom URL and sends it back to the server, which then exposes the desired Tableau content, whether it is a dashboard, view, workbook, etc.  Nonetheless, the host machine must be configured to receive a trusted ticket.


Not only will the host need to be configured to receive tickets, it will also need to receive new tickets on the fly so that they do not expire.  An expired ticket produces an unpleasant ticket expiration error on your site where the Tableau content should be, because trusted tickets are only valid on a per-session basis.  Specifically, any page refresh or page navigation will result in ticket expiration.  To configure the host to handle tickets properly for blog posting, the following internal functionality should be established:

1.)  Request and receive tickets from the server.

2.)  Update posts with a new ticket each session. 

The HTML of a typical post using a trusted ticket for verification will resemble:

<script type="text/javascript" src=""></script>
<object class="tableauViz" width="700" height="500" style="display:none;">
    <param name="name" value="path/to/content" />
    <param name="ticket" value="123456789" />
</object>

The objective is to update the HTML on a per-session basis, which requires giving the site's file system access to the post content.  The text above will serve as a template for the current post or any future posts.  Create a new file called "post.txt" within your site's theme directory using the above HTML.

In addition, the post must be updated on a per-session basis.  In the main functions file within the site's theme directory, the following code will update the ticket as necessary:

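// http_post_fields() and http_parse_message() come from the pecl_http
// extension (1.x API), which must be installed for this to run.
function get_trusted_ticket($user) {
  $params = array(
    'username' => $user
  );

  // POST the username to Tableau Server; the response body is the ticket
  return http_parse_message(http_post_fields("http://MYHOST/trusted", $params))->body;
}
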

// Get the ticket

$ticket = get_trusted_ticket('administrator');

// Update the newly created "post.txt" file

$File = 'post.txt';
$data = file_get_contents($File);
$newvar = "\"" .$ticket. '"';
$data = preg_replace('/value="[0-9]*"/', "value=$newvar", $data);
file_put_contents($File, $data);

// Update the post per session

$Vdata = file_get_contents('post.txt');

$my_post = array();
$my_post['ID'] = MYPOST_ID;
$my_post['post_content'] = $Vdata;

// Save the new content with WordPress's wp_update_post()
wp_update_post($my_post);


The example above is written in PHP and involves a WordPress-driven blog site that leverages internal WordPress hook functions.  The specific functions or methods offered to access front-end content may differ from site to site, but in each instance the solution follows the same formula.  Solutions may be formulated in any language that supports POST/GET requests.
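
An added example (not the original post's code) of the ticket request and template update described above, using PHP's built-in HTTP stream wrapper instead of the pecl_http functions and checking for the "-1" body Tableau Server returns when it does not issue a ticket. MYHOST, the function names and the 'blog_viewer' account are assumptions; the account is a hypothetical view-only user, chosen because a ticket gives every visitor who loads the post a session as the named user.

```php
<?php
// Added example, not the post's code. MYHOST, 'blog_viewer' and the function
// names are assumptions. Needs allow_url_fopen for the live request.

// Request a ticket with PHP's built-in HTTP stream wrapper (no pecl_http).
// Returns the trimmed response body, or null if the request failed.
function request_trusted_ticket(string $server, string $user): ?string {
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['username' => $user]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents(rtrim($server, '/') . '/trusted', false, $context);
    return $body === false ? null : trim($body);
}

// Tableau Server answers "-1" when it does not issue a ticket. The
// digits-only pattern follows the post's description of a ticket.
function is_valid_ticket(?string $ticket): bool {
    return $ticket !== null && preg_match('/^[0-9]+$/', $ticket) === 1;
}

// Replace only the value of the "ticket" <param> in the post.txt template.
function render_post(string $template, string $ticket): string {
    return preg_replace(
        '/(<param\s+name="ticket"\s+value=")[^"]*(")/',
        '${1}' . $ticket . '${2}',
        $template,
        1
    );
}

// Constructed template and responses so the logic runs without a server.
$template = '<param name="name" value="path/to/content" />' . "\n"
          . '<param name="ticket" value="123456789" />';
foreach (['987654321', '-1', null] as $response) {
    if (is_valid_ticket($response)) {
        echo render_post($template, $response), "\n";
    } else {
        // Keep the existing post content and log the failure instead of
        // writing a bad value into the page.
        echo "no ticket issued, post left unchanged\n";
    }
}
// Live use: $ticket = request_trusted_ticket('http://MYHOST', 'blog_viewer');
```

If your server version issues tickets in a format other than digits, adjust the pattern in is_valid_ticket() while still rejecting "-1" and empty responses.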

1 comment:

  1. Hello,

    I have some questions regarding this. I got an error at " return http_parse_message." Are there some steps you left out?