Due to the Tableau Web Application Server implementation and security considerations, there are a few requirements on the MetaKarta setup
For security reasons, the Tableau Server can only call an HTTPS (SSL based URL). Therefore, SSL must be configured on the MIMMerver. More details may be found in the deployment guide. As a side note, you cannot use a self-signed certificate to establish connectivity as Tableau does not trust self-signed certificates due to their security policies.
The Tableau server intentionally uses the X-Frame-Options header
to prevent cross-origin framing (embedded in <iframe>) as explained in
this
article:
https://kb.tableau.com/articles/issue/error-url-refused-to-connect-occurs-in-the-web-page-objects-after-publishing
Consequently, the security policy of the MetaKarta server Tomcat Server must be configured accordingly for frame ancestors, by editing the file:
$MM/tomcat/conf/web.xml
Either by setting the frame ancestor to any as follows:
frame-ancestors 'self' *;
or better by limiting it to the top domain as follows:
frame-ancestors 'self' *.MyCompany.com;
The Tableau server is implemented in such a way that it does a cross site request (which is not ideal from the security perspective), but somewhat mitigated by requiring HTTPS.
Consequently, the context of the MetaKarta server Tomcat Server must be configured accordingly for same site cookies by editing the file:
$MM/tomcat/conf/MetaIntegration/localhost/context.xml.default
switching the sameSiteCookies from lax to none to allow the web browser to store the cross site cookie:
<CookieProcessor sameSiteCookies="none" />