MicroStrategy ONE

Getting custom information from the authentication token

This example demonstrates how to customize authentication if you use a third-party identity provider, such as Ping or Tivoli, to provide single sign-on (SSO) and need to extract custom information from the authentication token. Identity providers typically use a token to return information about the authenticated user, and they provide a Java library with code that uses the information in the authentication token to support single sign-on.

Customizing the authentication token requires some Java programming. You make changes to an XML configuration file, but you also make changes to a Java class file. You write custom Java code that extracts user information from the token and uses it to populate the SSOIServerCredentials object, which is later used by the Authentication Filter code to create a session on the Intelligence Server.

To help you get started, we have provided a sample project that you can download. It contains the files used to perform this customization. You can use the code in the files as the basis for creating your own customization.

This customization can be used only with Trusted authentication mode.

Prerequisites

  • MicroStrategy Library is deployed
  • MicroStrategy Intelligence Server is running
  • A trust relationship has been set up between the REST Server and the Intelligence Server
  • You use an external identity provider that passes information about the authenticated user in a token
  • You have Java programming experience

Java and XML files used for the customization

  • CustomCredentialsProvider.java

  • TrustedConfig.xml

This example assumes that the SSO company used by the customer provides a Java library for accessing the identity token. The library consists of two classes classes in the com.acme.sso package.

To see what the customization code looks like and try out the customization in MicroStrategy Library, follow the instructions below.

  1. Download the sample project and extract the contents.
  2. Generate the files that perform the customization.
    1. Open the sample project in Eclipse.
    2. Configure the project for your environment.

      1. Open Project Properties -> Java Build Path -> Libraries.
      2. In the Libraries pane, change the location for the following JAR files so that they point to those JARs in your environment.

        • javax.servlet-api-3.1.0.jar
        • restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar
    3. Customize the code in the two files that perform the customization—the Java class for the custom bean and the XML configuration file. You can use the files in the sample as-is or you can do your own customization. For example, you can add different code to the Java class for the custom bean, and you can also change the name of the custom bean class and the out-of-the-box bean that it will override.

      • CustomCredentialsProvider.java is the Java class for the custom bean. It contains custom code that extracts user information from the token.

      • TrustedConfig.xml is the configuration file that injects the custom code into the application. It tells MicroStrategy Library to override a specified out-of-the-box bean with a specified custom bean at runtime. In the code sample below, CustomCredentialsProvider, the Java class you created above, overrides the out-of-the-box class, trustedIServerCredentialsProvider.

        Copy
        <?xml version="1.0" encoding="UTF-8"?>
        <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:context="http://www.springframework.org/schema/context"
               xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
               http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">
            <!-- Override IServer credentials provider with custom bean -->
            <bean id="trustedIServerCredentialsProvider" class="com.microstrategy.custom.auth.trusted.CustomCredentialsProvider" />
        </beans>
    4. Build the project.
  3. Use the customization in MicroStrategy Library.
    1. Deploy your MicroStrategy Library application.
    2. Copy the customization files from the project you built to your Library installation directory:
      • Copy CustomCredentialsProvider.class to the WEB-INF\classes\com\microstrategy\custom\auth\trusted folder.
      • Copy TrustedConfig.xml to the WEB-INF\classes\auth\custom folder.
    3. Restart MicroStrategy Library.

      When users log in to Library, additional user information will be extracted from the authentication token during authentication.