Specifying Multiple Header Variables for Authentication

Some identity management applications use only one header variable for the user ID, while others use more than one. MicroStrategy Web supports the use of multiple possible header variables. When MicroStrategy Web receives a request, it looks for the presence of a value in the specified header variables, in the order they are provided. Once it finds a value, MicroStrategy Web uses that header variable and does not check for the presence of any other specified header variables.

This scenario shows you how to customize the properties for a trusted authentication provider so that it can pass the information required for authentication using multiple header variables. An example of a trusted authentication provider that uses multiple header variables would be CA SiteMinder, which has two mechanisms for identity management—reading either a user ID or a certificate. When SiteMinder is used for single sign-on, MicroStrategy Web first checks for the presence of a value for the user ID in the SM_USER header variable. If it finds a value, it uses this for authentication. If it does not find a value, it then checks  for the presence of a certificate value in the SM_UNIVERSALID header variable. It can perform authentication with either value.

Since SiteMinder is supported out-of-the-box as a trusted authentication provider for MicroStrategy Web, this process happens automatically and does not require any action by the user. This scenario illustrates how to add multiple header variables for a custom trusted authentication provider, which does require user action.

This customization can be accomplished using the Web Customization Editor.

Using the Web Customization Editor to create a plug-in

MicroStrategy SDK provides a Web Customization Editor that can be used to create a customization plug-in. The following steps guide you in creating the plug-in and deploying it. 

1. Launch the Web Customization Editor. 

2. Click on MicroStrategy Web Configuration inside the Application Settings view to expand the hierarchical tree. The expanded list comprises the different settings that can be modified to perform customizations. 

3. Click on Property Files to gain access to the property files used in MicroStrategy Web.

4. Under Property Files, navigate to WEB-INF -> classes -> resources and double-click the custom_security.properties file for the trusted authentication provider to launch the Web Properties Editor. 

5. On the Web Properties Editor, the LoginParam property is listed with "YourCustomAppsLoginParamHere" as the value. 

6. Right-click the LoginParam property and choose Edit from the context menu. The Edit dialog displays. 

7. On the Edit dialog, enter the name of the first header variable that should be used for authentication, add a comma, and then enter the name of the second header variable that should be used for authentication.

When MicroStrategy Web receives a request, it looks for the first header variable that is specified. Only if it does not find this variable does MicroStrategy Web look for the next header variable that is specified.

8. Click OK to close the Edit dialog. The header variable values you entered are now displayed for the LoginParam property. 

9. Save your changes. 

10. Launch MicroStrategy Web to confirm that the appropriate header variable is used for single sign-on.

For specific settings that affect whether customization changes are applied automatically or require a restart of the Web server, see Applying customization changes to the application.