Testing relying party trusts

Before you enforce the use of single sign-on (SSO) for StorageGRID, confirm that single sign-on and single logout (SLO) are correctly configured. If you created a relying party trust for each Admin Node, confirm you can use SSO and SLO for each Admin Node.

Before you begin

Procedure

  1. Select Configuration > Single Sign-on.
    The Single Sign-on page appears, with the Sandbox Mode option selected.
  2. In the instructions for sandbox mode, locate the link to your identity provider's sign-on page.
    The URL is derived from the value you entered in the Federated Service Name field.

    URL for identity provider sign-on page
  3. Click the link, or copy and paste the URL into a browser, to access your identity provider's sign-on page.
  4. To confirm you can use SSO to sign in to StorageGRID, select Sign in to one of the following sites, select the relying party identifier for your primary Admin Node, and click Sign in.

    Testing relying party trusts in SSO Sandbox Mode

    You are prompted to enter your username and password.

  5. Enter your federated username and password.
    • If the SSO sign-in and logout operations are successful, a success message appears.
      SSO authentication and logout test success message
    • If the SSO operation is unsuccessful, an error message appears. Fix the issue, clear the browser's cookies, and try again.
  6. Repeat steps 4 and 5 to confirm you can sign in to any other Admin Nodes.
    If all SSO sign-in and logout operations are successful, you are ready to enable SSO.