For Tableau server and Shiny server, where to add api to implement SSO?

tctang · April 30, 2018, 4:16am

Hello everyone,

Being a conservative developer, I’m still trying to understand how Auth0 and javascripts create api for our application servers. Thanks in advance.

I have Tableau server up with OpenID set to use Auth0 for authentication. I created an application w/ client ID and client secret in Auth0. The setup works well. Users are redirected to Auth0 login page. Once users’ credential being authorized, it will redirect back to allowed callback Tableau url. Now, I have Shiny server up running which has same setup as Tableau server. Users are being asked for credential from Auth0 login page. The users are redirected to Shiny url as stated in allowed callback url.

I assume after logged to Tableau server, I’d be able to open the Shiny app url without being asked for auth0 login page. However, users are being asked for credential again for Shiny. Both applications in Auth0 settings have enabled the “Use Auth0 instead of the IdP to do Single Sign On” . But, the SSO cookie deosn’t seem being pass between the two applications.

I followed this sample tutorial ( Single Sign-On ) But it doesn’t work in my case, as my servers are already up running on their own. Adding .js on those servers may not be the best way.

Is any of these works?

Creating APIs for each application on the Auth0 Mange page could solve my problem? But I don’t see the section/page to type in coding?
Creating a custom hosted page could make the applications “talk” to each other. But that’s one general page for all. I don’t see a straight tutorial about that works with two different client IDs.

I probably not having a right mindset on how the sso. Please shed some light on this sso setting.

Thank you.
TravisT

jerdog · April 30, 2018, 5:58pm

Did you have a look at:

TCT · May 3, 2018, 6:16pm

Thanks Jeremy, we have decided to use hosted page with its lock.js template. The lock works fine. But login shows when the first time switch to other apps. If silent authentication is available to lock.js, that would be my solution.

TravisT

TCT · May 11, 2018, 9:32pm

Is the lock hosted page capable to achieve silent authentication sso?

I have Shiny Server Pro and Tableau server both have been configured as regular web app in Auth0 with single sign one enabled. Lock hosted page will redirect users to Auth0 login page when accessing any of the two apps. I have Nginx revere proxy to auth0 for login credential then redirect to my apps. Everything works fine separately. But if I logged on Tableau and then access Shiny, user is redirected to auth0 login page with last login info showing. User has to do one click to continue. If SSO works, there shouldn’t be a page asking for a click.

I think there is something to do with the auth_proxy in shiny.conf. Auth0 is supposes to pass user to shiny. Is there any options in the hosted page need to add in order to pass the value?

In the Nginx.conf, I have the line to pass external user
proxy_set_header X-USER $user;

in the Shiny.conf, I have
auth_proxy X-USER;

kimcodes · September 13, 2018, 1:26pm

@TCT This was some time ago but were you able to solve your SSO issue? We should be possible to check for an available session and, if found, continue with the authentication process as if the user pressed the “last time you logged in with …” button. An example of this can be found here