Grid principals and sessions

When a user has been authenticated, a grid principal and a session are created for that user. The grid principal is the grid’s logical representation of a user and the associated roles. When applicable, access to restricted grid resources is based on the roles assigned to the grid principal. For more information, see Authorization Overview.

  • The name of the grid principal is retrieved from one of the claims in the SAML token returned by the IdP. The default claim is http://schemas.infor.com/claims/Identity.
  • The grid principal name for client certificates is specified when the certificate is created.
  • The grid principal name for OAuth corresponds to the name of the OAuth 1.0a configuration.
  • The grid principal name for JWT corresponds to the client_id.
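
The sketch below is an added example, not Infor's code: it reads a captured token and reports the principal name that the SAML and JWT rules above would yield, which helps when checking why a session received a given principal. It assumes the claim is carried as a SAML 2.0 Attribute whose Name is the claim URI. The function names, the sample tokens and the exactly-one-value check are choices made for this example.

```python
import base64
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDENTITY_CLAIM = "http://schemas.infor.com/claims/Identity"  # default claim named on this page

def principal_from_saml(assertion_xml, claim=IDENTITY_CLAIM):
    """Return the single value of the identity claim, or raise ValueError."""
    # Offline inspection only; for untrusted XML prefer a hardened parser such as defusedxml.
    root = ET.fromstring(assertion_xml)
    values = [
        v.text.strip()
        for attr in root.iterfind(".//saml:Attribute", SAML_NS)
        if attr.get("Name") == claim
        for v in attr.findall("saml:AttributeValue", SAML_NS)
        if v.text and v.text.strip()
    ]
    if len(values) != 1:  # a missing or duplicated identity claim is ambiguous: flag it
        raise ValueError(f"expected exactly one {claim} value, found {len(values)}")
    return values[0]

def principal_from_jwt(token):
    """Return client_id from the JWT payload (inspection only, no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    client_id = claims.get("client_id")
    if not isinstance(client_id, str) or not client_id:
        raise ValueError("JWT has no client_id claim")
    return client_id

# Constructed sample tokens (not real IdP output, signature is a dummy value).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.infor.com/claims/Identity">
      <saml:AttributeValue>jdoe-constructed</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
SAMPLE_JWT = ".".join([_b64({"alg": "RS256"}), _b64({"client_id": "constructed-client"}), "c2ln"])
```

Neither function verifies a signature, so the result shows only what name a token carries, not whether the token is authentic.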

A session times out after a pre-configured amount of time.

Sessions can be viewed in the Grid Management Pages by selecting Security > Sessions. For each session, the list shows the principal, its roles, the origin of the call that established the session, the component that established the session, and the session's remaining life. It is also possible to delete a session prematurely.