Setting up Distributed Single Sign-On for Infor Lawson System Foundation 9.0.1.5 and higher

If Infor Lawson System Foundation 9.0.1.5 and higher is installed, use the procedure in this section to configure Infor BI for Lawson to use Lawson Distributed Single Sign On (DSSO) .

As best practice, install Infor BI for Lawson and Infor Lawson System Foundation on separate servers.

The DSSO components must be installed on the Infor BI for Lawson server.

Note: If you have upgraded to Infor Lawson System Foundation 9.0.1.5 or higher, you must change your Framework Services authentication option to Lawson Single Sign-on 901 SP5+.

If you are planning to use Direct IOS with DSSO for Lawson Single Sign-on 901 SP5+, you must create the Direct IOS service.

  1. Open the Tools dashboard and click System Settings. The System Configuration Assistant is displayed.
  2. In Authentication Provider, select Lawson Single Sign-on 901 SP5+. The default value in this field is File-based Authentication.
  3. Specify this information:
    IOS Direct Configuration Location (pkiConfigDirectory)
    Specify the location and name of the configuration file. For example, C:\InforLawsonBI\FrameworkServices\conf\services.cfg.
    Service Name (service-name)
    Specify the name of the SSO service you created during DSSO installation.
    Resource Manager Base URL (ssoRMURL)
    Specify the URL and port number to the Resource Manager machine. This is used to determine what roles or groups a user belongs to and which users are available to the entire system.
    Resource Manager User Name (ssoRMUserid)
    Specify a user with access to Resource Manager. This user must have permission to execute queries and have access to all users and groups. You should create a user specifically for this task.
    Administative Resource Manager Group (administrator-role)
    Members defined within this Resource Manager group are considered administrators within Framework Services.
    Note: You should create a Resource Manager group, for example, EFSAdministrators, to use specifically when setting up Lawson Single Sign-on 901 SP5+ as your authentication provider.
    Power Designer Role (PowerDesignerRole)
    Optionally, you can specify a user in the specified user group to create content.
    User Synchronization Fetch Size (maxRMUsersReturned)
    Specify the number of users to retrieve in a single call to DSSO during the synchronization process. Framework Services uses this value to make repeated calls to DSSO to retrieve all users.
    Note: This value allows multiple users and their associated groups to be returned from DSSO, instead of retrieving users and their associated groups one at a time.

    For example, for a company with 1,500 users, if you set the User Synchronization Fetch Size to 100, then Framework Services will make fifteen calls to DSSO. If the User Synchronization Fetch Size is blank, Framework Services will make a call for each user.

    Setting the User Synchronization Fetch Size can enhance performance.

  4. Click Save Changes.
  5. In Websphere, stop and start your Framework Services application server.