Creating an IdP connection
- Download and save the metadata file from the acting identity provider for the Infor STS.
  Sample ADFS metadata URL: https://<ADFS HOSTNAME>/Federationmetadata/2007-06/Federationmetadata.xml
- Navigate to the IdP Connection page from the STS Panel page. Click the IdP connection count in the circle.
- To create an IdP connection, use one of these methods:
  - Manually add an IdP connection by clicking Add.
  - Import a metadata file by clicking Import from file.
  - Import a metadata file from a URL by clicking Import from URL. This URL must be accessible from the server on which you are running the STS user interface.
- Specify this information:
  - Display Name: A human-readable name for your application.
  - Partner Entity ID: The entity ID of your identity provider.
  - Description: A human-readable description for your identity provider.
  - Display Icon: This icon is shown on the Home Realm Discovery page when you select which identity provider to sign in with. To revert to the default icon after making changes, click Get Default Icon.
  - Enable MFA: If selected, the MFA status of all users of the tenant becomes Enabled. At login, the user is challenged for a Time-based One-time Password (TOTP) if the user has already registered a device for MFA. Emails to register MFA devices are automatically sent to all administrators. After MFA is enabled, users can register MFA devices from user settings through the Infor LTR Portal.
  - Enable remote logout: When this check box is selected and a logout is performed, the remote identity provider is logged out as well. If this option is not selected, the logout request is not sent to the remote identity provider, so the user is not prompted for a user name and password when logging in again.
  - Connection Endpoints: A list of endpoints for your application:
    - Endpoint Type: SAML applications should have at least two endpoints, an SSO endpoint and an SLO endpoint.
    - Endpoint Binding: The binding used by the IdP for this endpoint. STS supports POST and REDIRECT.
    - Endpoint URL: The complete URL for this endpoint.
  - Primary Signing Certificate: This should be a file in .cer format.
  - Secondary Signing Certificate: A secondary token signing certificate.
  - Signature Algorithm: The algorithm used by your application to sign requests. Supported algorithms are SHA1 and SHA256. SHA256 is strongly recommended.
  - Sign Authentication Request: This check box is selected by default.
  - Assertion Identity Key: The claim value that the identity provider sends for the user who is trying to log in. Select one of these options:
    - Name ID: Options for selecting the name ID
    - Claim Identity Key: A text box in which to type the key
    - Script: Custom claim rules
  - IFS user lookup field: This value, selected from a drop-down list, is used with the value from the Assertion Identity Key to look up a user in IFS. The default value is UPN.
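As an added example (not Infor code and not part of this documentation), the following Python script parses a SAML 2.0 IdP metadata document such as the ADFS FederationMetadata.xml referenced above and pulls out the values the form asks for, so you can check what Import from file or Import from URL would populate: the Partner Entity ID, the signing certificate(s), and the SSO/SLO endpoints with their bindings, flagging any binding other than POST and REDIRECT and any missing endpoint type. The hostname, URLs and certificate string in the sample metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# SAML binding URNs mapped to the binding names used on the STS endpoint form.
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "POST",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "REDIRECT"}

# Constructed sample metadata; hostname and certificate value are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC-PLACEHOLDER-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://adfs.example.test/adfs/services/trust/2005/soap"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return entity ID, signing certs and STS-usable SSO/SLO endpoints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not SAML IdP metadata")
    certs = []  # keep only keys marked for signing (no 'use' means signing and encryption)
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            certs += [c.text.strip() for c in kd.findall(".//ds:X509Certificate", NS)]
    endpoints, skipped = [], []
    for tag, kind in (("SingleSignOnService", "SSO"), ("SingleLogoutService", "SLO")):
        for ep in idp.findall("md:" + tag, NS):
            binding = BINDINGS.get(ep.get("Binding"))
            if binding is None:          # STS supports only POST and REDIRECT bindings
                skipped.append((kind, ep.get("Binding")))
                continue
            endpoints.append((kind, binding, ep.get("Location")))
    # A SAML connection needs at least one SSO and one SLO endpoint.
    missing = sorted({"SSO", "SLO"} - {kind for kind, _, _ in endpoints})
    return {"entity_id": root.get("entityID"), "signing_certs": certs,
            "endpoints": endpoints, "skipped": skipped, "missing": missing}
```

Compare the returned entity ID, certificate and endpoint list against what the IdP connection form shows after import; a non-empty skipped or missing list means an endpoint has to be added or corrected by hand.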