Authentication overview

Most grid applications require users to be authenticated and have an established session to allow access to their published services. There are three ways to establish a session:

  • End users log on via the SAML or OIDC protocol.
    • To configure SAML authentication, see Configuring SAML.
    • To configure OIDC authentication, see .

These two methods are primarily intended for server-to-server communication:

  • Logging on using the SSL handshake with a key store/certificate - The SSL handshake authentication method allows a connection to be made as an authenticated user based on provided key material. See To configure SSL for grid HTTP clients.
  • Logging on with an authorization token - The grid can also issue credentials for OAuth1.0a to be used for authentication, and authorize JWT tokens. The ability to accept authorization tokens is configurable per router. See Token Authentication.

The authentication includes role assignments, where the application-specific roles are mapped to grid roles. For more information on role mapping, see Authorization Overview.