Session Provider Types

SAML Session Provider

The SAML Session Provider authenticates users using SAML to communicate with AD FS 2.0+ (on-premise) or PingFederate (cloud). User credentials are stored in AD but user data can also be synchronized to Infor Federation Services (IFS) for extended attributes (Claims) and security role assignment. The session provider supports these authentication methods: basic authentication and SAML 2. The SAML Session Provider implements basic authentication using WS-Trust to authenticate users to AD FS 2.0 (for active, non-browser based clients). The SAML 2 authentication method uses WS-Federation (for browser clients that can be automatically redirected).

Windows Session Provider

This session provider uses the same authentication mechanisms as Windows itself and provides support for NTLM and Kerberos authentication. It must be installed on a Windows 2012 server belonging to the Windows domain against which it will authenticate. The Windows Session Provider supports the following authentication methods: basic authentication, NTLM, and Negotiate.

LDAP Session Provider

This session provider supports complex authentication options, including multiple domains, server fail-over options, and authentication against standalone LDAP servers. The LDAP Session Provider can be used for authenticating users to any LDAP server, including Active Directory. The LDAP Session Provider supports basic authentication using the LDAP authentication method Simple Authentication only. This session provider requires configuration for basic setup and to take advantage of its more powerful features.