So in our company we use eToken authentication (eToken PRO). It works well on Linux and Windows systems (of course for Linux is needed additional settings, but it not so hard) and used widely in our company for authentication in web services.
In Saiku user account is determined automatically according to data from certificate fetched from headers which is sent from the user browser to server. As you know Saiku based on Spring framework, and all things that can be used in Spring can be used in Saiku – x509 certificates support is standard feature of Spring framework. Our configuration is almost the same with a little exceptions.