Configuring SAML

The SAML protocol defines a number of roles. In the Grid, the ones we refer to are the following:

  • Service Provider (SP) - This is the role of Grid. Grid applications provide services that require authentication, and the Grid initiates the authentication using the SAML protocol.
  • Identity Provider (IdP) - This is the role of the entity that is responsible for handling authentication against the user repository.

For successful authentication via SAML, your system must meet the following requirements:

  • The Identity Provider (IdP) specified during the installation must be available.
  • The Infor Federation Services specified during installation must be available.
  • In Grid, there is a router corresponding to the address and port in the Service Provider URLs configuration for the login service and the logout service. The router is configured to use the authentication method saml2. This router is referred to as "the SAML router" in this documentation.
  • If the login is to be managed through a load balancer, the Service Provider URLs for the login service and the logout service, and consequently the SAML router, use the load balancer address.
  • Trust must have been established between the Grid and the IdP.
  • The IdP must be configured with the current Service Provider properties.
  • The Grid must be configured with the current IdP properties.

For an overview on authentication with SAML and IFS, see Authentication with SAML and IFS.