Grid principals and sessions

When a user has been authenticated, a grid principal and a session are created for that user. The grid principal is the grid’s logical representation of a user and the associated roles. When applicable, access to restricted grid resources is based on the roles assigned to the grid principal. For more information, see Authorization Overview.

The source of the grid principal name depends on the authentication method.
  • For SAML, the name of the grid principal is retrieved from one of the claims included in the SAML token returned by the IdP. The default claim value is http://schemas.infor.com/claims/Identity.
  • For OIDC, the name of the grid principal is retrieved from the provided tokens based on the Principal Name claim configuration.
  • The grid principal name for client certificates is specified when the certificate is created.
  • The grid principal name for OAuth corresponds to the name of the OAuth 1.0a configuration or the Principal Name property if set.
  • The grid principal name for JWT corresponds to the Principal Claim Name configured for the token issuer.
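
The SAML case above can be checked against an assertion captured from your own IdP. The following is an added example, not grid code: the function name, the sample assertion and its values are constructed, and rejecting a missing, empty or multi-valued claim is this example's policy rather than documented grid behaviour.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default identity claim named on this page.
IDENTITY_CLAIM = "http://schemas.infor.com/claims/Identity"

# Constructed, unsigned sample assertion; issuer and values are invented.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.infor.com/claims/Identity">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.example.test/claims/Email">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def principal_name_from_assertion(xml_text, claim=IDENTITY_CLAIM):
    """Return the single value of `claim` in a SAML 2.0 assertion.

    Diagnostic only: this inspects the attribute statement and does NOT
    verify the assertion's signature, audience or validity window.
    """
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        if attr.get("Name") != claim:
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            values.append((value.text or "").strip())
    # An ambiguous or absent identity must never map to a principal.
    if len(values) != 1 or not values[0]:
        raise ValueError(
            "expected exactly one non-empty value for %s, found %d"
            % (claim, len(values))
        )
    return values[0]


if __name__ == "__main__":
    print(principal_name_from_assertion(SAMPLE_ASSERTION))
```

If the IdP is configured to send the identity under a different claim, pass that claim URI as the second argument.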

A session times out after a pre-configured amount of time.

Sessions can be viewed from the Grid Management Pages by selecting Security > Sessions. For each listed session, the principal, its roles, the origin of the call that established the session, the component that established the session, and its remaining life are listed. It is also possible to delete a session prematurely.