Thanks for your feedback.
Want to tell us more? Send us an email to leave your feedback.
The REST API provides authentication end points to initiate a session with the Intelligence Server. It supports multiple authentication modes such as Standard, LDAP, SAML, and so on.
The diagram below shows the workflow when the MicroStrategy REST API is used to authenticate a user.
The client needs to persist the authorization token and all cookies (session, load balancer and so on), and provide them in each subsequent request. In the case of a web application, the browser handles the cookies.
The MicroStrategy REST server maintains an HTTP session for every client connecting to it.
To use the REST API for session management, you should be familiar with the following terms:
Once the REST API layer has validated the user's credentials using the specified authentication modes, it initiates a session with the Intelligence Server and creates a unique authorization token for the client. Using an authorization token allows the API layer to hide internal session-related implementations such as managing different project-specific sessions.
The MicroStrategy REST framework currently relies on an HTTP session. The Java EE server (for example, Tomcat) sends a session cookie in the response header for the client to maintain. If a browser is handling requests, it will also handle the cookies. However, if you are using your own client, you need to maintain the cookie and include it in further requests, together with the authorization token.
There are two timeout settings that need to be considered.
HTTP session timeout
The HTTP session timeout is managed by the application container. It can be configured in /WEB-INF/web.xml.
Sample code is shown below for configuring the HTTP session timeout in the web.xml file when Tomcat is used as the application container.
The value of the timeout is set in minutes.
Intelligence Server session timeout
The Intelligence Server session timeout can be configured in the Intelligence Server settings.
The value of the HTTP session timeout must be greater than the value of the Intelligence Server session timeout.
Thanks for taking the time to give us some feedback.
Why wasn't this helpful? (check all that apply)