SAML Entities

The SAML protocol defines a number of roles. In the Grid context, the following ones are used:

  • Service Provider (SP) – This is the role of the Grid. Grid applications provide services that require authentication, and the Grid initiates the authentication using the SAML protocol. In AD FS, the Service Provider is called a Relying Party Trust (RPT).

  • Identity Provider (IdP) – This is the role of the entity that is responsible for handling authentication against the user repository.

  • Claims Provider – This is the role of IFS (Infor Federation Services), which is part of Infor OS. After a successful authentication, the IdP retrieves additional attributes for the user from IFS, in particular Security Roles, which are maintained in IFS. In the SAML standard, the attributes are called claims. Claims may also come from other stores, for example attributes from Active Directory (AD). All the claims for a user are included in the authentication response that the IdP returns to the Grid once the user has been authenticated.
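As an added example that is not part of the Infor documentation, the script below shows where the claims described above end up in the SAML authentication response the IdP sends to the SP: it parses a constructed response, checks the status, the issuer and the audience (the SP's entity ID) before trusting it, and then collects every attribute in the AttributeStatement, including multi-valued ones such as security roles. The issuer and audience URLs and the attribute names are placeholders invented for the example, not the values IFS or AD FS actually issue, and signature verification, which a real SP must perform, is left out.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; URLs and attribute names are hypothetical placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://grid.example.test/sp</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://example.test/claims/email">
        <saml:AttributeValue>alice@example.test</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://example.test/claims/securityrole">
        <saml:AttributeValue>GridAdministrator</saml:AttributeValue>
        <saml:AttributeValue>GridUser</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_claims(response_xml, expected_issuer, expected_audience):
    """Return {attribute_name: [values]} after checking status, issuer and
    audience. Signature validation, mandatory in practice, is not shown."""
    root = ET.fromstring(response_xml)
    # The IdP reports the outcome of authentication in the status code.
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if status != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("authentication failed: " + status)
    assertion = root.find("saml:Assertion", NS)
    # Only accept assertions from the configured IdP...
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("assertion from unexpected issuer")
    # ...that are addressed to this SP (the Relying Party in AD FS terms).
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not intended for this service provider")
    claims = {}  # the claims the IdP gathered, e.g. roles from the Claims Provider
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return claims
```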