This page applies to MicroStrategy 2021 Update 4 and newer versions.

Upgrade Open SAML in MicroStrategy

MicroStrategy prioritizes security and is constantly working to stay abreast of the latest security standards and enhancements. Upgrading the OpenSAML component within MicroStrategy is a vital step of this journey.

In MicroStrategy 2021 Update 4, org.opensaml has been upgraded from v2.6.7 to v4.1.0. The spring-security-saml2-core framework, whose end of life is October 6, 2021, has also been replaced with a newer, more secure spring-security-saml2-service-provider v5.5.3.

What this means for you:

If the MicroStrategy environment is configured to use SAML without any customization, the upgrade is completely seamless to MicroStrategy 2021 Update 4 and no additional steps are required.
This change does not impact SAML on ASP.
If the MicroStrategy environment is configured to use SAML and there have been additional customizations added to this configuration, additional steps may need to be followed after the upgrade. The steps are simple and often just need a replacement of classes with newer and more secure classes.

Please note the following for this upgrade:

Single and global logout are no supported in MicroStrategy 2021 Update 4. See the official Spring documentation for details.
This new SAML version now supports multi-tenant customizations. See the official Spring documentation for details.
If AuthnRequest is required to be signed by the Idp server, set WantAuthnRequestsSigned=true in the Idp configuration of IDPMetadata.xml. This assertion is required to be signed unless the response is signed. See the official Spring documentation and Use Signed Authn Requests for SAML in MicroStrategy 2021 Update 4 for details.

Upgrade Customized SAML Configurations

Modify the existing SAML authentication customizations to be compatible with the new OpenSAML framework for the following:

Build New Customizations

Build new SAML authentication customizations for the following: