MicroStrategy ONE

Adding a New Trusted Authentication Provider

MicroStrategy Web provides out-of-the-box support, with pre-configured properties, for three identity management applications—CA SiteMinder, IBM Tivoli Access Manager, and Oracle Identity Manager. It is also possible to customize MicroStrategy Web to use a custom SSO authentication provider, such as RSA. To perform this customization, you need to know the exact HTTP header variable name for the user login information. In addition, if synchronization with LDAP is needed, you also need to know the exact HTTP header variable name for the Distinguished Name of the user. Once you know the names of the header variables used by the SSO authentication provider that you are adding, you simply configure MicroStrategy Web to look for these header variables when it receives a request from the SSO provider.

This customization can be accomplished by changing one setting on the MicroStrategy Web Administrator page and adding an associated property value using the Web Customization Editor.

MicroStrategy SDK provides a Web Customization Editor that can be used to create a customization plug-in. The following steps guide you in changing one setting on the MicroStrategy Web Administrator page and using the Web Customization Editor to create a plug-in that provides an associated property value. 

  1. Log in to MicroStrategy Web Administrator and do the following on the MicroStrategy Web Administrator page: 

    1. In the left-hand pane, choose Default properties under WEB SERVER

    2. In the right-hand pane, under Login, select "Custom SSO" from the drop-down list for Trusted Authentication Providers

    3. Click the Save button. 

    4. Close MicroStrategy Web Administrator. 

  2. Launch the Web Customization Editor

  3. Click on MicroStrategy Web Configuration inside the Application Settings view to expand the hierarchical tree. The expanded list comprises the different settings that can be modified to perform customizations. 

  4. Click on Property Files to gain access to the property files used in MicroStrategy Web. 

  5. Under Property Files, navigate to WEB-INF -> classes -> resources and double-click the custom_security.properties file to launch the Web Properties Editor

  1. On the Web Properties Editor, provide the values for the header variables that will be used by the custom single sign-on provider for authentication. 

    1. In the Property/Value pane, the LoginParam property is listed with "YourCustomAppsLoginParamHere" as the value. 

    2. Right-click the LoginParam property and choose Edit from the context menu. The Edit dialog displays. 

    3. On the Edit dialog, replace "YourCustomAppsLoginParamHere" with the name of the header variable that the custom single sign-on provider will use for authentication. 

    4. Click OK to close the Edit dialog. The header variable value you entered is now displayed as the Value for the LoginParam property. 

    5. If synchronization with LDAP is needed, enter DistinguishedName in the field below the properties pane. (You may need to scroll down to see this field.) 

    6. Click the Add button and DistinguishedName is listed below the LoginParam property in the properties pane. 

    7. Click in the Value column for the DistinguishedName property and enter the name of the header variable that will supply the Distinguished Name of the user for LDAP synchronization. 

  2. Save your changes. 

  3. Launch MicroStrategy Web to confirm that the custom single sign-on provider is successfully used when the authentication mode is set to "Trusted authentication".

    This is applicable for both HTTP and HTTPS requests.

For specific settings that affect whether customization changes are applied automatically or require a restart of the Web server, see Applying customization changes to the application.