secadm mitrustsetup - Security Administration: Trusted Connections Setup
secadm mitrustsetup create --miservice serviceName --alias Landmark-envname
secadm mitrustsetup import m3be-alias.cer
The secadm mitrustsetup
command enables you
to set up a trusted connection between Landmark and the M3 Business
Engine. Once the MI Socket trusted connections are set up, the Landmark
server and the M3 Business Engine server will authenticate to each
other using public key certificates. Landmark will authenticate users
against the central repository and then send only the user names (no
passwords) to the M3 Business Engine when accessing through the MI
socket. Because the M3 Business Engine knows that it is indeed communicating
to Landmark and that Landmark has authenticated the user, there is
no need to authenticate the users again. This setup simplifies the
maintenance of users in a Landmark system that is connected to the
M3 Business Engine via an MI socket connection. Without this procedure,
you will need to maintain user passwords in both a Landmark service
for MI socket and in a central repository, such as your corporate
LDAP.
There are two forms of the secadm mitrustsetup
command. One for creating a certificate file for exporting, and
one for importing the certificate into the Landmark environment.
For the procedure to set up MI socket trusted connections between Landmark and M3 Business Engine, see the Infor Landmark Technology Server Setup and Maintenance Guide or the M3 Enterprise Extensions Administration Guide.
Before using the secadm mitrustsetup
command, be sure to create the following backups. If an error occurs when you use secadm mitrustsetup
, you will not be able to delete entries from the Landmark keystore. You will need a backup.
-
The file system - especially the Landmark environment directories, including %LASYSDIR%
-
The .ssokeystore, .ssotruststore and authen.dat files
Parameters | Description |
---|---|
create
|
The
|
--miservice serviceName
|
Specify the name of the service that has set up for Landmark to M3 Business communication, such as the MISOCKET service for the M3 Enterprise Extensions. |
--alias Landmark-envname
|
Specify the name of the Landmark environment. |
import m3be-alias.cer
|
The import command imports the M3 BE
alias certificate that has been copied to the %LASYSDIR% directory.
To create this certificate, see the instructions in the "Setting Up
a Service for MI Socket Trusted Connections between Landmark and M3
Business Engine" in the
Infor Landmark Technology
Server Setup and Maintenance Guide or the M3 Enterprise Extensions Administration Guide.
|