Configuring federated security

Federated security allows you, as the external entity administrator, to configure an identity provider for your external entity. An identity provider is an additional authentication mode that you can set up for your external entity. This feature provides external users the option to authenticate into Infor OS Portal or Infor Ming.le using their corporate identity.

Suppose you want to store the external entity users information (for example: user name and passwords) outside of Infor OS Portal or Infor Ming.le. In that case, you must perform a federation between your active directory and Infor OS Portal or Infor Ming.le federate in the Federated Security section. Infor depends on the customer's login process to authenticate the user if an identity provider is configured for an external entity. Authentication checks that the user name and password are correct. The identity provider is responsible for storing and maintaining the life cycle of the external user's passwords.

Use the Federated Security page to configure SAML 2.0 identity provider security for your Infor OS Portal or Infor Ming.le instance. This feature provides users the option to authenticate to Infor OS Portal or Infor Ming.le with their corporate identity.

This page displays this information:

  • The display name of the federated security
  • The issuer of the federated security
  • If the federated security is enabled for SAML 2.0

SAML 2.0

The Federated Security SAML 2.0 tab has these options:

Option Description
Display Name This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.
Note: There is a limitation on the STS adapter side that causes this option not to accept some characters.
Display Icon This option is displayed to users during the sign-in process if you allow users to select their own authentication method on the Authentication URL Options page.
Import SAML Metadata
  1. If you have an Identity Provider metadata XML file available for upload, click From File and select the metadata XML file.

    If you have a publicly accessible URL to an Identity Provider metadata XML file, click From URL and enter the metadata XML URL.

    The XML file is parsed, and these input fields on this page are automatically completed.

    • Issuer
    • Identity Provider Certificate
    • Assertion Consumer Service
    • Single Logoff Service
  2. Verify the inputs and add any additional information required.
  3. If you are not importing Identity Provider SAML metadata, enter the following information manually.
Issuer Enter the SAML issuer entityId.
Identity Provider Certificate

Select the certificate file. Only *.CER files are supported.

The certificate is parsed and the Current Certificate and Expiration information are displayed.
Assertion Consumer Service Select the type and enter the location of the assertion consumer end point.
Single Logoff Service Select the type and enter the location of the single logoff end point.
Assertion Identity Key This specifies the field from the incoming assertion used to identify the user.

Select one of these options:

  • Identity is the NameIdentifier element of the Subject statement
  • Identity is an Attribute element

Attribute Name – This is where the claim uri is entered.
EE user lookup field This specifies which value from the external entity user definition is being used to identity the user. The administrator can use the drop-down to select a user property.
Service Provider Information Click View to open an overlay that contains the Infor OS Portal or Infor Ming.le Service Provider information. This information is displayed:
Entity ID
This is the unique identifier of the identity provider.
Current Certificate
This is the encrypting certificate public key of the service provider.
Expiration
This is the expiration date of the encrypting certificate of the service provider.
Assertion Consumer Service
This is the end point of the assertion consumer service.
Binding
This is the SAML binding of the identity provider's assertion consumer service.
Single Logoff Service
This is the end point of the identity provider's single logoff service.
Single Logoff Binding
This is the end point of the identity provider's single logoff binding. You also have the option to export the above information as a SAML metadata XML file. Click Export SAML Metadata and save the file.