The Grid uses a pluggable architecture to authenticate users. All authentication is handled by a special Grid application called a session provider. SAML Session Provider is the only session provider that enables single sign-on (SSO) with Security Roles from Infor Federation Services, which is a prerequisite for running M3 in Infor Ming.le™ with SSO.
For new installations, install SAML Session Provider 1.14.
Existing installations running either Windows Session Provider or LDAP Session Provider must replace the existing session provider with SAML Session Provider to enable SSO with Infor Ming.le.
The SAML Session Provider authenticates users using SAML to communicate with the IdP. User credentials are stored in AD, but extended attributes (for example, Security Roles) are also stored in Infor Federation Services (IFS) and emitted as claims during logon.
The session provider supports these authentication methods:
basic authentication (restricted to single IdP scenarios)
The SAML Session Provider implements the SAML protocol to authenticate users to the IdP (for browser clients that can be automatically redirected). The basic authentication method uses WS-Trust (for active, non-browser-based clients).
For more detailed information about the session providers, refer to the Infor ION Grid Security Administration Guide.
Your system must meet these requirements:
AD FS is used as the Identity Provider (IdP). Federated set-ups with multiple AD FS servers are only supported for browser-based clients.
Infor OS is installed.
ION Grid version 188.8.131.52.90 or later is installed.
You have a domain account with the Infor Ming.le Security Roles IFSApplicationAdmin and AttributeServiceCaller. The password for this account should not expire, since it will be used for web service calls to IFS during runtime.
In AD FS, the Endpoint "/adfs/services/trust/13/usernamemixed" for WS-Trust 1.3 is both Enabled and Proxy Enabled.
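The following preflight check is an added example, not part of the Infor documentation. It verifies the AD FS endpoint requirement and the non-expiring password requirement from the list above. It assumes it is run on the AD FS server with the ADFS and ActiveDirectory PowerShell modules available. The function name and the account name `svc-ifs-placeholder` are hypothetical, and the check treats the `PasswordNeverExpires` flag as the way the password is kept from expiring.

```powershell
# Added example: preflight check for two of the prerequisites listed above.
# Assumptions: run on the AD FS server; ADFS and ActiveDirectory modules installed.
# The IFS Security Roles (IFSApplicationAdmin, AttributeServiceCaller) live in
# Infor Federation Services and are NOT checked here.
function Test-SamlSessionProviderPrereq {
    param(
        [Parameter(Mandatory)] [string] $ServiceAccount,   # placeholder account name
        [string] $EndpointPath = '/adfs/services/trust/13/usernamemixed'
    )
    Import-Module ADFS, ActiveDirectory -ErrorAction Stop
    $results = @()

    # Requirement: the WS-Trust 1.3 endpoint is both Enabled and Proxy Enabled.
    $check = "AD FS endpoint $EndpointPath"
    try {
        $ep = Get-AdfsEndpoint -AddressPath $EndpointPath -ErrorAction Stop
        $results += [pscustomobject]@{
            Check  = $check
            Passed = [bool]($ep.Enabled -and $ep.Proxy)
            Detail = "Enabled=$($ep.Enabled); Proxy=$($ep.Proxy)"
        }
    } catch {
        # Endpoint lookup failed (for example, path not found or no AD FS access).
        $results += [pscustomobject]@{ Check = $check; Passed = $false; Detail = $_.Exception.Message }
    }

    # Requirement: the domain account used for IFS web service calls has a
    # password that does not expire. The account must also be enabled to log on.
    $check = "Service account $ServiceAccount"
    try {
        $user = Get-ADUser -Identity $ServiceAccount -Properties PasswordNeverExpires -ErrorAction Stop
        $results += [pscustomobject]@{
            Check  = $check
            Passed = [bool]($user.Enabled -and $user.PasswordNeverExpires)
            Detail = "Enabled=$($user.Enabled); PasswordNeverExpires=$($user.PasswordNeverExpires)"
        }
    } catch {
        $results += [pscustomobject]@{ Check = $check; Passed = $false; Detail = $_.Exception.Message }
    }

    $results
}

# 'svc-ifs-placeholder' is a constructed name; substitute the real domain account.
Test-SamlSessionProviderPrereq -ServiceAccount 'svc-ifs-placeholder' | Format-Table -AutoSize
```

A row with `Passed` set to False shows in `Detail` which property failed or the lookup error that was returned.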