The SAML protocol defines a number of roles. In the Grid, these are the roles we refer to:
Service Provider (SP) – This is the role of the SAML Session Provider/Grid. Grid applications provide services that require authentication, and the SAML Session Provider initiates the authentication using the SAML protocol. In AD FS, the Service Provider is called a Relying Party Trust (RPT).
Identity Provider (IdP) – This is the role of the entity that is responsible for handling authentication against the user repository. In on-premises environments, AD FS (Active Directory Federation Services, a Microsoft product) has the role of the Identity Provider.
Claims Provider – This is the role of IFS (Infor Federation Services), which is part of Infor Operating Service (Infor OS). After a successful authentication, the IdP retrieves additional attributes for the user from IFS, in particular the Security Roles that are maintained in IFS. In the SAML standard, the attributes are called claims. Claims may also come from other stores, for example attributes from Active Directory (AD). All the claims for a user are included in the authentication response that the IdP returns to the SAML Session Provider once the user has been authenticated.