Configuring IFS after a basic installation

If you initially installed your farm with Basic authentication, you can reconfigure your farm with IFS web access.

Note: Ensure that nobody has any content checked out to the present web authentication setting, before changing the authentication.

Ensure you have met all the prerequisites for IFS and that the correct certificates are available.

  1. Start the Service Expert and click the Global Security tab.
  2. In the Security section, specify or change this information:
    • For Service to Service Security, select OAuth as the authentication type.
    • For API security, select OAuth as the authentication type. Select the Use SSL/TLS encryption check box when using ION API.
  3. For Web access security, select Infor Federation Services as the authentication type. The Use SSL/TLS encryption check box is automatically selected and required.
  4. Click Configure to start the IFS configuration.
  5. Select the required Client access security.

    When using IFS authentication in the web, the client application can use either basic authentication or IFS authentication. When using IFS authentication in client applications, ION API must be configured.

    If you select Basic as the authentication type, you can continue with step 10.

  6. Specify this information in the IFS configuration dialog box:
    URL
    This is the IFS Service URL in IIS.

    Start the Infor OS Manager as an administrator. After clicking Validate the object browser opens. Go to Services, here you can find the IFS URL.

    A part of IFS Service is configured to use http instead of https. When https causes issues, switch to use http access.

    OS Farm ID

    This is the farm ID that you specified when you initially installed the Infor OS farm, for example InforOSFarm. The entities are suffixed with this ID. This makes them unique if you have multiple Infor OS farms that are bound to the same ADFS.

    On the login page of the Infor OS Manager you can find the Infor OS Farm field.

  7. Select Infor Federation Services to use Infor Ming.le.

    When selected, the Use SSL/TLS encryption check box is automatically selected and required.

    Additional settings are displayed in the dialog box. These settings are required to establish the connection to the IFS server, Infor Ming.le and ION API.

    For this step the Infor OS certificates are required.

    The Infor Ming.le/IFS certificate must be trusted on the Infor EPM servers to complete the Infor EPM configuration. The Infor EPM services have to connect to IFS to establish the trust.

  8. Click Configure to start the IFS configuration.
  9. Specify this information in the IFS configuration dialog box:
    OpenID URL
    Usually you can specify the URL of the InforIntSTS application in IIS. Note that the baseUrl points to the ION API gateway and not to the Infor EPM application.

    You can find the OpenID URL in the Infor OS Manager in System Configurations or in IIS in the Sites folder on the Infor OS machine.

    Verify the URL works.

    See these guides:

    • Infor OS Installation Guide
    • Infor OS Administration Guide
    • Infor ION API Administration Guide
    ION API Gateway URL
    This is the Gateway to connect to the ION API Infor OS farm machine and port 8443, the default port that ION API uses. A client application cannot use the ION API Gateway unless it is registered as an authorized client application.
  10. Go to the Certificates section to create the certificates for the Infor EPM farm.
  11. Click Create to create or import a master certificate.
    Ensure you are familiar with the different types of certificates.

    For the master certificate, you can select one of these check boxes:

    • Import a certification authority-signed master certificate
      Ensure the certificate you import can sign other certificates. If you use a certificate authority-signed certificate, all certificates generated by Service Expert are trusted on any machine, automatically.
      1. Browse to the certification authority-signed master certificate file in your local folder and import the certificate of Infor EPM. Click OK.
      2. Specify a password.
    • Generate a new self-signed master certificate
      The Service Expert generates a self-signed certificate. In that case also specify a password to protect it. Do not leave the field blank.
  12. Click OK.
  13. Click Create to create or import a web access certificate.
    • Import a certification authority-signed certificate
      This check box is recommended when using a self-signed master certificate.
      1. Browse to the custom certificate file in your local folder and import the certificate of Infor EPM. Click OK.
      2. Specify a password.
    • Generate a new certificate
      Select this check box when using a CA-signed master certificate. The generated certificate is trusted on any machine.

      When using a self-signed master certificate, you must manually trust the generated certificate on all web browser and Excel Integration servers. This combination is recommended for test environments. Specify a password to protect the certificate. Do not leave the password field blank.

  14. Click OK.

    If there are workers or managers on other machines that are part of the farm, apply the changes on all other machines by running the Service Expert. Resolve the detected issues for individual workers and managers when shown by the Service Expert.

    When you change the global security settings you must save the new connection profile for the farm by clicking Save to File in the Profile section. If you do not save the profile, connecting to the Farm Expert from the Service Expert can be blocked.

  15. Restart all services.
  16. Run the Farm Expert.
  17. Click the Repository and Access step and select the Register administrator check box.
  18. Specify the user name for the user with an IFS account who will be the Infor EPM administrator.
    The user is registered as an administrator. The administrator can log in to EPM Administration and add more users or groups to a farm. The administrator can also manage and administer your applications or OLAP database.
  19. Click Next.