MicroStrategy ONE

MicroStrategy Library Server Configuration Properties

The configOverride.properties is located in:

Windows: C:\Program Files (x86)\Common Files\MicroStrategy\Tomcat\apache-tomcat-x.x.xx\webapps\MicroStrategyLibrary\WEB-INF\classes\config\configOverride.properties

Linux: <TOMCAT_INSTALL_DIRECTORY>/webapps/MicroStrategyLibrary/WEB-INF/classes/config/configOverride.properties

This file includes the following properties:

Property Specifies
Authentication Mode Settings
auth.modes.available The number of different authentication modes exposed through the UI. Use commas to separate multiple values.
  • 1: I-Server Standard authentication
  • 8: I- Server Guest Authentication
  • 16: I-Server LDAP authentication
  • 64: I- Server Security Plugin Authentication (Trusted)
  • 128: Kerberos Authentication
  • 1048576: SAML Authentication
  • 4194304: OIDC Authentication

auth.trusted.provider When Trusted authentication is selected as available or default authentication mode, a provider of this authentication must be chosen.
  • 1: Tivoli
  • 2: SiteMinder
  • 3: Custom
  • 4: OracleAccessManager
  • 6: Ping
Intelligence Server Configuration
iserver.default.hostname The hostname of the Intelligence server to connect to.

Default: NONE (must provide value)

iserver.default.port The port of the Intelligence server to use.

Default: NONE (must provide value)

iserver.initialPoolSize The initial pool size of HTTP(S) connection threads

Default: 10

iserver.maxPoolSize The pool size of maximum allowed HTTP(S) connection threads

Default: 100

iserver.requestTimeout Socket connection timeout in milliseconds for I-Server request

Default: 120000

iserver.tlsEnabled

Set to true if Intelligence server is TLS enabled but with a private Root CA certificate or a self-signed certificate. In this case, a trustStore file and its password must be provided For Intelligence server that is TLS enabled with a public Root CA certificate, set to false.

Default: false

Collaboration Server Configuration
services.collaboration.enabled Whether the Collaboration server is enabled

Default: false

services.collaboration.baseURL The URL path to the Collaboration server

Default: NONE

services.collaboration.tlsEnabled

Set to true if Collaboration server is TLS enabled but with a private Root CA certificate or a self-signed certificate. In this case, a trustStore file and its password must be provided For Collaboration server that is TLS enabled with a public Root CA certificate, set to false.

Default: false

Modeling Service Configuration

services.MicroStrategy-Modeling-Service.baseURL

The URL path to the Modeling service.

Default: NONE

services.MicroStrategy-Modeling-Service.scheduleEnabled

Once enabled, the status of the modeling service cluster is refreshed every 30 seconds.

Default: true

services.MicroStrategy-Modeling-Service.tlsEnabled

Set to true if the Modeling service is HTTPS enabled, but with a private Root CA certificate or self-signed certificate. In this case, a trustStore file and its password must be provided. For a Modeling service that is HTTPS enabled with a public Root CA certificate, set to false.

Default: false

IdentityToken Configuration
identityToken.secretKey Allow services such as Collaboration server or Modeling service to validate user session.

Secret key phrase (spaces allowed) for signing web token.

Default: NONE (must provide value)

identityToken.algorithm Token Algorithm

Default: HS512

identityToken.timeToLiveSeconds Time to live for token in seconds.

Default: 300

SSL/TLS Configuration
trustStore.path

If Intelligence server, Collaboration server, and/or Modeling service is TLS enabled but with a private Root CA certificate or self-signed certificate, a trust store file is required.

The relative path (inside the WAR file) to the Trust Store file.

Also, supports Optional prefix classpath: (for a class path resource) or file: (for an absolute path):

  • Example (Relative path): trustStore.path=/WEB-INF/truststore.pfx
  • Example (absolute path - windows): trustStore.path=file:c:/tmp/truststore.pfx
  • Example (absolute path - unix): trustStore.path=file:/tmp/truststore.pfx
  • Example (class path): trustStore.path=classpath:config/truststore.pfx

Default: NONE

trustStore.passphrase The passphrase used in the construction of the Trust Store file

Default: NONE

Server Configuration
session.workingSet The number of recent reports/documents kept in memory for manipulation. Will apply to all users who connect to the server

Default: 10

session.searchWorkingSet The maximum number of concurrent searches which stay in memory. Will apply to all users who connect to the server

Default: 3

Web/Mobile Server Properties
mobile.configuration.folder The relative path to Mobile resources (inside the WAR file)

Default: NONE

customCss.excludePlugins Exclude the list of custom plugin folder to not load the custom css files. This property will take a list of comma-separated customization plugin names.
security.allowAllOrigins Specifies valid parents domain origin that may be using dashboard embedded analytics. If set to true, all the origin will be allowed. This is not recommended.

security.allowedOrigins = https://www.google.com/, https://www.google.fr/

security.allowedOrigins

Specifies valid parents domain origin that may be using dashboard embedded analytics. The list of allowed origins will be appended to Content-Security-Policy=frame-ancestors. The request URLs affected by these constraints are defined in the GlobalHeaders filter of the web.xml

security.allowedOrigins=https://www.google.com/, https://www.google.fr/

security.userInput.allowHtmlOnPromptDesc

Configures whether or not to allow HTML on the prompt tile and description.

security.userInput.allowHtmlOnPromptDesc=false

auth.kerberos.config

The configuration file location.

auth.kerberos.config=/opt/tomcat/krb5.conf

auth.kerberos.keytab

The host keytab location.

auth.kerberos.keytab=/opt/tomcat/file.keytab

auth.kerberos.principal

Host Service Principal Name (SPN)

auth.kerberos.principal=HTTP/live.demo.microstrategy.com

auth.kerberos.islnitiator

{True/false] miscellaneous options

auth.kerberos.isInitiator=false

security.error.overridelserverErrorMessage

Configures whether to override the unhandled iserver error message with the customErrorMessage.

security.error.oerridelserverErrorMessage=false