SAML Trust

In SAML authentication, trust must be established between the service provider and the identity provider.

For this purpose, Grid stores sets of trusted certificates:

  • Certificates for verifying the signature of messages from the IdP.
  • Certificates for verifying the transport security of the following external services:
    • OAuth 2.0 Token Retrieval Service - use this service to retrieve a user's OAuth 2.0 tokens. These tokens are used to authenticate calls to ION API.
    • Username Token Service - use this service in on-premises scenarios to re-authenticate an already authenticated user. The trust configured for this service is required for Grid to connect to the Identity Provider using the WS-Trust protocol.
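
The separation between the two certificate sets can be illustrated with a small sketch. This is an added example, not Grid's own code or configuration: the `TrustStore` class, the purpose names and the sample bytes are hypothetical, and it covers only the trust decision (is the certificate carried in the IdP message in the IdP signing set?), not the XML signature verification itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

class TrustStore:
    """Hypothetical store: one set of pinned SHA-256 fingerprints per purpose."""
    def __init__(self):
        self._sets = {"idp_signing": set(), "transport": set()}

    def trust(self, purpose, der):
        self._sets[purpose].add(fingerprint(der))

    def is_trusted(self, purpose, der):
        return fingerprint(der) in self._sets[purpose]

def embedded_certs(saml_xml):
    """Decode every ds:X509Certificate carried inside the message."""
    root = ET.fromstring(saml_xml)
    return [base64.b64decode("".join(el.text.split()))
            for el in root.iter(DS + "X509Certificate") if el.text]

def signer_is_trusted(store, saml_xml):
    # A certificate is never trusted because the message carries it: it must
    # already be in the IdP signing set. No certificate at all also fails.
    certs = embedded_certs(saml_xml)
    return bool(certs) and all(store.is_trusted("idp_signing", c) for c in certs)

# Constructed stand-ins for DER-encoded certificates (not real certificates).
IDP_CERT = b"constructed-idp-signing-cert"
TLS_CERT = b"constructed-transport-cert"

def sample_response(der=None):
    """Build a constructed, minimal SAML response, optionally with a KeyInfo."""
    key = ""
    if der is not None:
        key = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo>'
               "<ds:X509Data><ds:X509Certificate>" + base64.b64encode(der).decode()
               + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>")
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            + key + "</samlp:Response>")

def sample_store():
    store = TrustStore()
    store.trust("idp_signing", IDP_CERT)
    store.trust("transport", TLS_CERT)
    return store
```

A certificate pinned only for transport security is rejected when it appears as the signer of an IdP message, which is the point of keeping the sets separate.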