Setting up the MM Application to receive URL Call Back from the Tableau Server

Due to the Tableau Web Application Server implementation and security considerations, there are a few requirements on the Talend Data Catalog setup

Tomcat Server SSL Configuration (HTTPS)

For security reasons, the Tableau Server can only call an HTTPS (SSL based URL). Therefore, SSL must be configured on the Talend Data Catalog server. More details may be found in the deployment guide. As a side note, you cannot use a self-signed certificate to establish connectivity as Tableau does not trust self-signed certificates due to their security policies.

Tomcat Server Security Policy for Frame Ancestry

The Tableau server intentionally uses the X-Frame-Options header to prevent cross-origin framing (embedded in <iframe>) as explained in this article:
‎https://kb.tableau.com/articles/issue/error-url-refused-to-connect-occurs-in-the-web-page-objects-after-publishing

Consequently, the security policy of the Talend Data Catalog server Tomcat Server must be configured accordingly for frame ancestors, by editing the file:

$MM/tomcat/conf/web.xml

Either by setting the frame ancestor to any as follows:

frame-ancestors 'self' *;

or better by limiting it to the top domain as follows:

frame-ancestors 'self' *.MyCompany.com;

Tomcat Server Context for Cross Site Cookies

The Tableau server is implemented in such a way that it does a cross site request (which is not ideal from the security perspective), but somewhat mitigated by requiring HTTPS.

Consequently, the context of the Talend Data Catalog server Tomcat Server must be configured accordingly for same site cookies by editing the file:

$MM/tomcat/conf/MetaIntegration/localhost/context.xml.default

switching the sameSiteCookies from lax to none to allow the web browser to store the cross site cookie:

<CookieProcessor sameSiteCookies="none" />