Configuring SSO

You have received two emails from orderfulfillment@infor.com:
  • The first email contains your credentials for Document Capture. This email contains this information:
    • The Transact Config Admin URL and the Transact Config Admin Username for the PROD environment.
    • A certificate file, ephesoft-cloud-xxxxx-prod.abc, for the PROD environment.
    • The Transact Config Admin URL and the Transact Config Admin Username for the DEV environment.
    • A certificate file, ephesoft-cloud-xxxxx-dev.abc, for the DEV environment.
  • The second email contains the corresponding passwords.
To configure SSO for an environment:
  1. Open the email with the credentials you received from orderfulfillment@infor.com and download the certificate file to a folder of your choice.
  2. Right-click the downloaded certificate file and select Rename. Change the .abc extension to .cer. Click Yes when prompted to confirm the changing of the extension. This .cer file will be used later in this procedure.
  3. Open the email with the credentials again and complete these steps:
    1. Copy the URL for Ephesoft Configuration Administration, a.k.a. the Transact Config Admin URL, to the clipboard.
      The URL has this format: https://<hostName>.ephesoft.cloud/configadmin/
    2. Open the URL in a browser.
  4. Log on to the application: Use the username and password that are provided in the two separate emails you received from orderfulfillment@infor.com.
  5. The Transact SSO Configuration Manager screen is displayed in the browser.
  6. Copy the SP Entity ID to a separate location such as a text document. This SP Entity ID is required later in this procedure.
    Note: The SP Entity ID has been configured to be unique to your deployment. It should be automatically generated. For example: ce9a0062-98d7-46c1-8175-df936db3b1ae
  7. Navigate back to Infor Ming.le. Click the User menu icon in the toolbar, and select Admin Settings.
  8. Click Add Application and complete these steps:
    1. In the Application Type field, select Infor Non-provisioned.
    2. In the Application Name field, specify IDM Capture - 2020.1.
    3. Specify a Display Name.
    4. Choose an icon.
    5. In the Logical ID field, specify lid://infor.idmcapture.idmcapture.
    6. Ensure Use HTTPS is selected.
    7. In the Host Name field, specify <hostName>.ephesoft.cloud.
    8. In the Context field, specify dcma.
  9. Click Save. A confirmation message is displayed.
  10. Click OK in the confirmation message window. The Application Details page is displayed.
  11. Click the Permissions tab at the bottom of the Application Details page.
  12. Click Add new users or IFS Security Roles.
  13. In the search field, specify IDMCapture.

    These security roles should be displayed:

    • IDMCAPTURE-User
    • IDMCAPTURE-Administrator
    • IDMCAPTURE-SystemAdministrator
  14. For these three security roles, select the check boxes. Then click Done.
  15. Click Save.
  16. Click the User menu icon in the toolbar, and select User Management.
  17. Click the hamburger icon and select Security Administration > Service Provider. Click the plus icon to add a new service provider.
  18. Specify this information:
    Application Type
    Select IDMCAPTURE.
    Display Name
    Specify IDMCAPTURE. This field is case-sensitive.
    Entity ID
    Paste the SP Entity ID from step 6 above. This field is case-sensitive.
    SSO Endpoint
    Ensure HTTP Post is selected.

    Then copy the Ephesoft Transact URL that you received through the email and paste this URL in the input field. The URL has this format: https://<hostName>.ephesoft.cloud/configadmin/

    Then replace “configadmin/” with “saml/SSO".

    The resulting URL now has this format: https://<hostName>.ephesoft.cloud/saml/SSO

    SLO Endpoint
    Ensure HTTP Post is selected.

    Then paste the Ephesoft Transact URL that you received through the email in the input field.

    Then replace “configadmin/” with “/saml/logout".

    The resulting URL now has this format: https://<hostName>.ephesoft.cloud/saml/logout

    Signing Certificate
    Select the file folder icon and navigate to the .cer file that was created in step 2 above. Upload the .cer file.
    Name ID Format and Mapping
    Leave the default value unchanged.
  19. Click the Save Item icon, that is, the floppy disc icon, at the top of the page.
    The new IDMCAPTURE service provider is displayed in the list on the Service Provider page.
  20. Click the Edit icon in the row of the new service provider.
    The details for the new service provider are displayed.
  21. Click View at the bottom of the page.
    The Identity Provider Information dialog box is displayed.
  22. Click Export SAML Metadata.
    Note: Save this file so that you can upload it into the Ephesoft Transact SSO configuration tool later during this procedure.
  23. After the export has been completed, click Cancel to close the Identity Provider Information dialog box.
  24. Open the URL for Ephesoft Configuration Administration, a.k.a. the Transact Config Admin URL, in a browser.
    This is the URL that you used in step 3 above.

    Log on if necessary.

    The Transact SSO Configuration Manager screen is displayed in the browser.

  25. In the Import IDP Metadata field, select File.
  26. In the IDP Metadata File field, click Browse.
    A file selection window is displayed.
  27. Locate and select the exported SAML Metadata file saved in step 22 above and click Open.
  28. Click Upload File.
  29. If the file upload is successful, a message is displayed: “File successfully uploaded.”.
    Click Ok in the message window.
  30. Click Configure to configure SSO for Ephesoft.
  31. A message is displayed: “This will configure SSO for Transact. Are you sure you want to proceed?
    Click Ok in the message window.
  32. If the configuration is successful, a message is displayed: “SSO successfully configured.
    Click Ok in the message window.
  33. Click Restart Transact in the upper right corner of the Transact SSO Configuration Manager screen.
  34. You are prompted whether you want to restart Transact. Click Ok in the question window.
    Note: This process takes several, approximately 5, minutes. Refresh the browser to check progress. When the service has restarted, the Transact SSO Configuration Manager screen is displayed.

    In the meantime, a 504 Gateway Time-out error or a 502 Bad Gateway error may be displayed when you refresh the browser. This is expected.

  35. After Ephesoft Transact restarts, open the Ephesoft Transact URL in a browser.
    The URL has this format: https://<hostName>.ephesoft.cloud/dcma

    When you open this URL, you are redirected to the Infor login page.

    If the Infor login page is not displayed after the first restart of the Transact Server, restart Transact a second time.

    Note: If you ever receive a "No Service Found!" error message, then modify the SSO Endpoint and SLO Endpoint that you defined in step 18. Insert "/dcma" directly after "ephesoft.cloud".

    The resulting SSO Endpoint URL now has this format: https://<hostName>.ephesoft.cloud/dcma/saml/SSO.

    The resulting SLO Endpoint URL now has this format: https://<hostName>.ephesoft.cloud/dcma/saml/logout