Adding a service provider
You must have one of these security roles to add a service provider:
- Infor-SystemAdministrator
- IFSApplicationAdmin
- Select Security > Security Administration > Service Provider.
- Expand Service Provider.
- Click the Plus icon to add a new item.
- Select a value in the Application Type field as assigned to the application during the application registration process.
- Depending upon the protocol selected during registration, specify this information:
For WS FED:
- Display Name
- The user-friendly name given to the service provider.
- Entity ID
- The entity ID is the unique identifier for the service provider in the WS-Federation protocol. The entity ID must be unique in the environment across tenants.
- SSO Endpoint
- The URL where the federation hub issues the assertion, as part of the WS-Federation protocol.
Note: Optionally, you can select the Support the use of SAML 2.0 tokens in the response check box. When selected, security tokens are exchanged between InforSTS and WS-Federation applications using the SAML 2.0 protocol instead of the SAML 1.1 protocol. We recommend using this option to enhance security. Before activation, ensure that your application supports security tokens with SAML version 2.0.
- Signing Algorithm
- Select the algorithm used to sign assertions. SHA256 is available as an option and is recommended for enhanced security. By default, the SHA256 option is unchecked.
For SAML:
- Integrate with InforSTS
- This read-only field confirms that integration with Infor Security Token Service (STS) is set by default. This setting cannot be changed.
- Display Name
- The user-friendly name given to the service provider.
- Entity ID
- The entity ID is the unique identifier for the service provider in the SAML 2.0 protocol. The entity ID must be unique in the environment across tenants.
- SSO Endpoint
- Binding: The binding used to deliver the SSO response from the federation hub to the service provider being configured: HTTP Post
  URL: The URL where the service provider receives the SSO response from the federation hub as part of the SAML 2.0 protocol.
- SLO Endpoint
- Binding: The binding used to deliver the SLO request from the federation hub to the service provider being configured:
  - HTTP Post
  - HTTP URL Redirect
  URL: The URL where the service provider receives the SLO request from the federation hub as part of the SAML 2.0 protocol.
- Signing Certificate
- The certificate used by the service provider to sign the SLO response. This certificate is mandatory. Only SHA256 certificates are accepted.
- Secondary Signing Certificate
- The alternate certificate used by the service provider to sign the SLO response. This certificate is optional.
  Note: This allows rotation of the signing certificate by the service provider without downtime.
- Name ID as Identity2
- Defines the content of the name ID on the assertion.
  When enabled, the Name ID holds the Identity 2 value.
  When disabled, the Name ID holds a transient value.
- Signing Algorithm
- The algorithm used to sign assertions. We recommend using SHA256 for enhanced security. By default, the SHA256 option is unchecked.
- Click Save.