Skip to main content

Testing relying party trusts

Contributors
PDFs

Before you enforce the use of single sign-on (SSO) for StorageGRID, confirm that single sign-on and single logout (SLO) are correctly configured. If you created a relying party trust for each Admin Node, confirm you can use SSO and SLO for each Admin Node.

What you'll need

  • You must be signed in to the Grid Manager using a supported browser.

  • You must have specific access permissions.

  • You have configured one or more relying party trusts in AD FS.

Steps

  1. Select Configuration > Access Control > Single Sign-on.

    The Single Sign-on page appears, with the Sandbox Mode option selected.

  2. In the instructions for sandbox mode, locate the link to your identity provider's sign-on page.

    The URL is derived from the value you entered in the Federated Service Name field.

    URL for identity provider sign-on page

  3. Click the link, or copy and paste the URL into a browser, to access your identity provider's sign-on page.

  4. To confirm you can use SSO to sign in to StorageGRID, select Sign in to one of the following sites, select the relying party identifier for your primary Admin Node, and click Sign in.

    Testing relying party trusts in SSO Sandbox Mode

    You are prompted to enter your username and password.

  5. Enter your federated username and password.

    • If the SSO sign-in and logout operations are successful, a success message appears.

      SSO authentication and logout test success message

    • If the SSO operation is unsuccessful, an error message appears. Fix the issue, clear the browser's cookies, and try again.

  6. Repeat the previous steps to confirm you can sign in to any other Admin Nodes.

    If all SSO sign-in and logout operations are successful, you are ready to enable SSO.