Synthetic Session Provider Defined Roles

When a user is authenticated by a session provider, the session provider will associate the user with a set of session provider defined roles. When the Lawson Grid asks the session provider for this list of associated roles, it adds two synthetic roles: authenticated and the username of the user. This means that all authenticated users will always be associated to at least two groups (even if the session provider actually doesn’t do any association). The purpose of this is that even if the session provider isn’t configured to associate a user with any roles, you at least get the user name and the fact that the user is authenticated. This enables you either to map specific users to application defined roles or to simply say that all authenticated users should be mapped to a particular application defined role. For example, all authenticated users can be mapped to the applicationName/app-user role, meaning that all users may use that particular application.