MicroStrategy ONE
Gathering MicroStrategy User Credentials
When a user makes a request for MicroStrategy Web content or functionality, the user must be authenticated before the requested action can take place— either by creating a new user session on MicroStrategy Intelligence Server or by validating an existing user session. In order to create a new Intelligence Server session for a user, a specified authentication authority must validate identifying information supplied by or for the user to verify that the user is a valid MicroStrategy user. To validate an existing Intelligence Server session for a user, a session previously created for the user must be verified to exist and still be alive (that is, the session must not have been closed or timed out).
In order for user authentication to succeed, the MicroStrategy metadata must contain a user object that has matching identifying information for the specified authentication mode. In addition to the standard MicroStrategy user ID and password, supported authentication modes include a linked Windows NT account, an LDAP user id and password, or a warehouse database user id and password. Authentication can also be performed by an identity management application with which a trusted relationship has been created.
To gather the identifying information needed to authenticate a user and create a new Intelligence Server session, one of the methods described below must be used.
-
Collect MicroStrategy user credentials (and the authentication mode to be used) on the default login page and pass them directly from the web browser to MicroStrategy Web in the URL.
MicroStrategy Web can then pass these exact credentials to Intelligence Server for user authentication and session creation. This happens automatically when MicroStrategy Web uses the default ESM and default authentication and session creation.
-
Collect MicroStrategy user credentials (and the authentication mode to be used) on the default login page and use them to create a session on Intelligence Server. The session state can be passed directly to MicroStrategy Web in the URL.
-
Collect user credentials on a custom login page, map them to a set of MicroStrategy credentials, and then pass these mapped credentials directly to MicroStrategy Web in the URL.
When credentials are passed in the URL, any existing session— including the credentials used for that session— is wiped out.
-
Collect user credentials on a custom login page, map them to a set of MicroStrategy credentials, and then use these mapped credentials to create a session on Intelligence Server. The session state can be passed directly to MicroStrategy Web in the URL.
In a non-portal environment, a custom ESM can be used to map the login credentials to MicroStrategy credentials and then pass these mapped credentials to Intelligence Server for user authentication and session creation. In a portal environment, user credentials are mapped by a custom credential mapper class specified as a property of the MicroStrategy portlet, rather than by a custom ESM.
-
Use the proof of authentication provided by a trusted authentication provider to authenticate the user to MicroStrategy Web.
To pass the identifying information needed to authenticate a user when you are validating an existing session rather than creating a new one, use the method described below.
-
Pass the session state for an existing session in the request to the web server, which validates the session by checking to see if the session is still alive. The session information is usually passed in the URL, but it can also be somewhere else, such as in a cookie.