URLs for Service Provider Configuration

Provides details on customizations to the service provider for login and logout.

Login URL for Service Provider initiated logins

For service provider initiated authentication, the service provider should be configured to forward authentication requests to the following URL:

URL: https://{gridguard server}/gridguard/saml/idp

where

  • {gridguard server} should be replaced with the host name of the GridGuard server

For example, if the name of the server is grid.company.com, then the login URL will be:

https://grid.company.com/gridguard/saml/idp

Login URL for Identity Provider initiated logins

For identity provider initiated authentication, users should use the following URL as the login URL:

URL: https://{gridguard server}/gridguard/saml/initiate/{service provider label}

where

  • {gridguard server} should be replaced with the host name of the GridGuard server and
  • {service provider label} should be replaced with the label of the service provider node specified in the admin configuration console.

For example, if the name of the server is grid.company.com and the service provider name is sample-sp, then the login URL will be:

https://grid.company.com/gridguard/saml/initiate/sample-sp

Logout URL Customization

When the user logs out of the service provider's website, it is important to also terminate the SAML session with GridGuard. Otherwise, the user will be able to log back in to the service provider's website without providing any credentials, if the validity period has not expired.

To terminate a user session, the following URL must be invoked:

URL: https://{gridguard server}/gridguard/saml/logout/{service provider label}

where

  • {gridguard server} should be replaced with the host name of the GridGuard server and
  • {service provider label} should be replaced with the name of the service provider node specified in the admin configuration console.

For example, if the name of the server is grid.company.com and the service provider name is sample-sp, then the logout URL will be:

https://grid.company.com/gridguard/saml/logout/sample-sp

The service provider website should be modified to invoke this URL as part of the user logout process. This will ensure that the user is forced to re-authenticate when they attempt to log into the service provider website the next time.
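
A sketch of the service provider side of this logout step, as an added example that is not GridGuard or service provider code. It assumes the logout URL is invoked by redirecting the user's browser, a hypothetical session cookie named `sp_session`, and an in-memory session store; `gridguard_url` and `logout_app` are illustrative names.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import quote

# Sample values from the page's examples; in practice these come from configuration.
GRIDGUARD_HOST = "grid.company.com"
SP_LABEL = "sample-sp"
SESSIONS = {}  # hypothetical local session store: session id -> session data

# Host name only: no scheme, path, port, userinfo or whitespace.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def gridguard_url(host, action, label=None):
    """Build one of the page's URLs; action is 'idp', 'initiate' or 'logout'."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("GridGuard host must be a bare host name")
    if action == "idp":
        return f"https://{host}/gridguard/saml/idp"
    if action not in ("initiate", "logout"):
        raise ValueError("unknown action")
    if not label or label in (".", ".."):
        raise ValueError("service provider label is required")
    # Percent-encode the label so it stays a single path segment.
    return f"https://{host}/gridguard/saml/{action}/{quote(label, safe='')}"


def logout_app(environ, start_response):
    """WSGI handler for the service provider's own logout endpoint."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie.get("sp_session")
    if sid is not None:
        SESSIONS.pop(sid.value, None)  # end the local session first
    # Then send the browser to GridGuard so the SAML session ends as well
    # (assumption: the logout URL is invoked through a browser redirect).
    start_response("302 Found", [
        ("Location", gridguard_url(GRIDGUARD_HOST, "logout", SP_LABEL)),
        ("Set-Cookie", "sp_session=; Max-Age=0; Path=/; Secure; HttpOnly"),
        ("Cache-Control", "no-store"),
    ])
    return [b""]
```

Clearing the local session before the redirect means the service provider session is gone even if the browser never completes the request to GridGuard.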