Infor ION Grid Security Administration Guide
Introduction
About this guide
Prerequisite knowledge
Which Grids does this guide apply to?
ION Grid security overview
ION Grid Certificate Management
Grid Keystores
HTTPS/SSL Certificates
SSL ciphers for HTTPS and proxy connections
Configuring SSL for grid HTTP clients
Securing Grid Proxy Connections
Certificate Authority Functionality
Console tool guide
Console tool methods and options
Example console commands
Grid-signed vs. CA-signed Certificates
Creating certificate signing requests and importing certificates
Creating certificate signing requests using console tools
Creating certificate signing requests through the ION Grid Configuration Manager
Importing Signed SSL Certificates through the Configuration Manager
Importing Trusted Certificates via the Configuration Manager
Creating an SSL client keystore in ION Grid for LifeCycle Manager
Exporting the Grid Root Certificate in ION Grid for LifeCycle Manager
Managing the Alternative names list
To add alternative names for a single host
To add alternative names for all hosts
Creating a Grid-signed SSL certificate
Exporting an SSL Certificate with private key
Importing an SSL Certificate with private key
Managing SSL client certificates in the Configuration Manager
To manage client certificates
To issue a client certificate
To revoke a client certificate
Renewing/Reissuing Grid Certificates
To reinitialize grid integrity
To reinitialize grid integrity (alternative method for LifeCycle Manager controlled grids)
Authentication
Authentication Overview
Grid Principals and Sessions
Session Provider Requirements and Selection
Session Provider Types
Requirements and Selection
System requirements for Session Providers
Downloading the Session Providers for LifeCycle Manager
Uploading the Session Providers to the LifeCycle Manager
Installing and configuring the SAML Session Provider
Install the SAML Session Provider 1.14 using the standalone deployment profile
Install the SAML Session Provider 1.13 using the standalone deployment profile
Add Assertion Consumer Service endpoint to AD FS
Add Assertion Consumer Service endpoint to InforSTS
Add Service Provider Configuration to PingFederate
SAML Authentication Request approved authentication methods
Installing and configuring the SAML Session Provider 1.14 using LifeCycle Manager
Installing and configuring the SAML Session Provider 1.13 using LifeCycle Manager
Install using the Custom ADFS profile
Install using the "Custom Ping" profile
Related topics
Configuring login and logout endpoints
Initial configuration
Updating assertion consumer services
Removing assertion consumer services
Updating login and logout endpoints in the IdP
Validating the SAML Session Provider installation
Verify the SAML configuration
Add security roles in IFS
Mapping IFS roles to Grid roles
Mapping groups from the AD via AD FS to the Grid
Changing Identity Provider
Upgrading the SAML Session Provider from 1.13.x to 1.14.x
Upgrading the SAML Session Provider from 1.11.x to 1.13.x
Managing the SAML Session Provider trust stores
To manage the SAML Session Provider trust stores in on-premise environments
To manage the SAML Session Provider trust stores in cloud environments
To manually upload a signing certificate
To manually upload an HTTPS certificate
To manually remove a certificate from a trust store
Updating the SAML Session Provider assertion signing key store
Managing the signature algorithm for the SAML Session Provider
Error detection
Changing the signature algorithm used by the SAML Session Provider
Changing the signature algorithm configured in AD FS
Changing the signature algorithm configured in PingFederate
Client access to grid applications when using the SAML Session Provider
Load Balancer Considerations
Certificates and Routers
SAML Session Provider installation properties for load balancers
Uninstalling a SAML Session Provider
Error Handling for the SAML Session Provider
Installing the Windows Session Provider
Using the Negotiate web authentication method
Installing the Windows Session Provider using standalone deployment
Installing the Windows session provider in a grid using LifeCycle Manager
Installing and configuring the LDAP Session Provider
Install the LDAP Session Provider
Configure the LDAP Session Provider
Add a secondary server
Add additional domains
Testing the LDAP Session Provider configurations
LDAP Session Provider standalone deployment
Encrypted LDAP Connections
Truststore management
Installation properties
Using multiple domains
Adding fail-over hosts
Description of configuration properties
Connection properties
Changing properties after the deployment
Changing the Session Provider
Configuring Router WWW Authentication Methods
Authenticating with a Grid Client Certificate
Authenticating with a Grid Client Certificate to the Grid Management Pages
Impersonation
Example scenario
Impersonation framework
Username validation
Enabling/disabling Impersonation
Authorization
Authorization Overview
Authorization Levels
How Roles Are Assigned to Users
Certificate-based Authentication and Roles
Session Providers and Roles
Global Roles and Application Roles
Default Roles
Application-specific Roles
Defining role mappings
Automatic role mapping
Navigation to Role Mapping Pages
Configuring role mappings
Selecting role mappings
Password Management
File Security
Stand-alone installations
LCM-managed installations
Installation set-up
Running the grid
Adding and removing users from the Windows groups
Adding or removing a user to the grid full access or read access groups on Windows Server
Uninstalling the grid
External System Communication
External System Communication introduction
Single Grid Scenario with External Systems
External System Configurations
Grid Application Access to External System Configurations
External Credentials
External Systems Management Guide
Accessing the External Systems Management UI
Accessing the External Systems Credentials UI
Adding or editing an external system configuration
Removing an external system configuration
Adding a private key to an external system configuration
Removing a private key from an external system configuration
Mapping and unmapping an external system to an application
Adding users for external systems
Editing a user
Removing users
Setting validity dates for a user
Adding external credentials for a user
Removing external credentials for a user
External Systems Self-Service Guide
Accessing the External Systems Self-Service UI
Adding external credentials for the current user
Removing external credentials for the current user
Grid Relay User Configuration
Explanations of Words and Concepts
Relay User
Relay User Configuration
Adding a new user for Relay mapping
Adding a relay user ID to an existing user
Removing a relay user ID from a user
Adding a raw role for a relay channel
Assigning an existing raw role for a relay channel
Removing a raw role for a relay channel
Logging and Auditing
Logging Levels
Configuring Logging Levels
Grid-wide Logging Levels
Router Logging Levels
Application Logging Levels
Application-level Logging for a Specific Host
ION Grid Installation Scenarios
Recommended ION Grid Installation Scenarios
Cloud
Internal
Internal Supporting External Users
Reference
ION Grid Terminology
Authentication with SAML and IFS
SAML Entities
Installation
Runtime