MicroStrategy ONE

Library SAML Configuration with Proxy or Load Balancer

Using a reverse proxy or load balancer can alter the HTTP headers of the messages sent to the application server. The application checks these HTTP headers against the destination specified in the SAML response to make sure the message was sent to the correct destination. A mismatch between the two values can cause the message delivery to fail.

The SAMLConfig.xml file needs to be altered to force the application to ignore the HTTP headers and instead check against a user-defined value. This file is stored as part of a .jar file in the SAML support libraries. You can make this change manually using the procedure below, or modify the Behind the proxy setting on the SAML configuration page. See Generate SAML Configuration Files for more information about the Behind the proxy setting.

To modify the SAMLConfig.xml file:

  1. Locate restful-api-1.0-SNAPSHOT-jar-with-dependencies.jar in the WEB-INF/lib of the MicroStrategy Library file directory.
  2. Find SAMLConfig.xml in auth, inside the JAR file.
  3. Copy the file and place it in WEB-INF/classes/auth with your other SAML configuration files. Now any modification of the file will take precedence over the original file inside the JAR file.
  4. Find <bean class="org.springframework.security.saml.context.SAMLContextProviderImpl" id="contextProvider"/> in the file and replace it with the following bean:

    <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
      <property name="scheme" value="https"/>
      <property name="serverName" value="your external hostname"/>
      <property name="serverPort" value="443"/>
      <property name="includeServerPortInRequestURL" value="false"/>
      <property name="contextPath" value="/MicroStrategyLibrary"/>
    </bean>

    • The properties here are just examples and need to be configured with correct information to match the application's external URL.
    • The bean class is different from the original: it has been changed to SAMLContextProviderLB.
    • The contextPath stops at the application name.
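
The following check is an added example, not MicroStrategy's own code: it reads the contextProvider bean from an override SAMLConfig.xml, rebuilds the external base URL from its properties, and confirms that the Destination of a SAML response falls under that URL. The hostname library.example.com, the Destination value, and the URL composition scheme://serverName[:serverPort]contextPath are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

LB_CLASS = "org.springframework.security.saml.context.SAMLContextProviderLB"
REQUIRED = ("scheme", "serverName", "serverPort", "contextPath")

def _local(tag):  # bean files are usually namespaced; compare local names
    return tag.rsplit("}", 1)[-1]

def context_provider(xml_text):
    """Return (class name, {property: value}) of the contextProvider bean."""
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "bean" and el.get("id") == "contextProvider":
            props = {p.get("name"): p.get("value", "")
                     for p in el if _local(p.tag) == "property"}
            return el.get("class"), props
    raise ValueError("no bean with id=contextProvider")

def external_base_url(props):
    # Assumed composition: scheme://serverName[:serverPort]contextPath
    url = f"{props['scheme']}://{props['serverName']}"
    if props.get("includeServerPortInRequestURL", "false").lower() == "true":
        url += f":{props['serverPort']}"
    return url + props["contextPath"]

def check(xml_text, destination):
    """Return findings; an empty list means config and Destination agree."""
    cls, props = context_provider(xml_text)
    missing = [k for k in REQUIRED if not props.get(k)]
    if cls != LB_CLASS or missing:
        return [f"not a complete SAMLContextProviderLB bean: class={cls}, missing={missing}"]
    findings = []
    if " " in props["serverName"]:
        findings.append("serverName still looks like placeholder text")
    base = external_base_url(props)
    if not destination.startswith(base + "/"):
        findings.append(f"Destination {destination} is not under {base}")
    return findings

# Constructed sample: hostname and Destination are assumptions, not from the page.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
    <property name="scheme" value="https"/>
    <property name="serverName" value="library.example.com"/>
    <property name="serverPort" value="443"/>
    <property name="includeServerPortInRequestURL" value="false"/>
    <property name="contextPath" value="/MicroStrategyLibrary"/>
  </bean>
</beans>"""
DESTINATION = "https://library.example.com/MicroStrategyLibrary/saml/SSO"
print(check(SAMPLE, DESTINATION) or "override matches the SAML Destination")
```

To use it against a real deployment, pass the contents of WEB-INF/classes/auth/SAMLConfig.xml and the Destination attribute from a response issued by your identity provider.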