Changing Other SSOP Service Attributes

This procedure explains how to change attributes for the SSOP service. It does not explain how to enable/disable users' ability to change their passwords.

The following section describes the attributes that you can change for the SSOP service, in addition to allowing users to change their passwords from Lawson Portal. Typically, you will not need to change the SSOP service often, if ever.

To change other SSOP service attributes

  1. Run the ssoconfig utility. From a command prompt, type

    ssoconfig -c

  2. At the prompt, type the password for the ssoconfig utility.
  3. From the main menu, select "5" Manage Lawson Services and then select "2" for Change existing service.
  4. You will be prompted to type a name for the service. Type

    SSOP

  5. At the prompt to choose authentication method, select "1" Form.
  6. Respond to program prompts.

    The following table lists the prompts and other messages that appear and describes how to respond to them.

    Each entry gives the prompt or message, then its meaning, then the action to take.

    You have chosen to change the existing LogIn scheme.

    This authentication method uses (user) for identifying user.

    This authentication method uses (password) and encrypts their values.

    Enter a comma-separated list of attributes you want on entries for this service.

    Hit enter if no attributes are to be specified [<empty>]

    This prompt determines the attributes that must be populated when new identities (users) are added for this service.

    You are specifying the list of attributes that will appear on the User Maintenance dialog box when you add an identity for a user of this service.

    You can add an attribute. For example, you can use this prompt to add an attribute, like home directory (home_dir), to the identity entry for all users of this service.

    You can also remove an attribute that you added. You cannot remove "user" and "password."

    To add other attributes in addition to user and password (for example, home directory or home_dir), add them after "password" and separated by commas.

    [<user,password,home_dir>]

    If no changes are needed at this prompt, press Enter without making any changes.

    Enter a comma-separated list of attributes whose values should be encrypted other than password.

    Hit enter if no attributes are to be specified [<empty>]

    This prompt is for encrypting an attribute. If you have created a new attribute that you want to encrypt, you can add that value here.

    You could also use this prompt to unencrypt a value for an attribute. This is not something you would typically do; the most likely reason would be that you chose to encrypt the attribute by mistake.

    The password attribute must be encrypted; you cannot choose to unencrypt it.

    List any attributes that you want to encrypt in comma-separated format.

    If an attribute is listed as encrypted and it should not be, remove it from the list.

    Take care not to make changes that you do not want to make.

    If no changes are needed at this prompt, press Enter without making any changes.

    Enter a comma-separated list of attributes whose values are optional.

    Hit enter if no attributes are to be specified.

    Suppose you added the attribute "home_dir" in the first prompt and you want the attribute to be optional. That is, you do not want the security administrator to be required to specify a value for home_dir but they can do so if they want to. You would use this prompt to specify that home_dir is optional.

    If you want to change an attribute that was previously optional to be required, you can do so through this prompt. If you change an attribute to be required for an entry that is already populated, you must make sure all entries are populated.

    For example, if home_dir already existed but was optional and you change it to be a required attribute, you must make sure that all identities on the service have home_dir populated after you make the change.

    Type the names of any attributes that are optional in a comma-separated list.

    Remove any from the list that are not optional.

    Take care not to make changes that you do not want to make.

    If no changes are needed at this prompt, press Enter without making any changes.

    Enter a comma-separated list of optional attributes whose values can be provided by the user.

    Hit enter if no attributes are to be specified [<empty>]

    If you have allowed password change and you want to disallow it, or if password change through Lawson Portal is not allowed and you want to allow it, change it through this prompt.

    If you want the user to be able to change any other attributes for this service, specify them here. Typically, this is used to let users change their passwords for the service, but you could let them change any attribute. You could invoke this by giving users access, through the product that uses this service, to the page /sso/useratts.htm.

    See Changing Specialized User Passwords through the useratts Page.

    If you want to enable password changing, specify "password" here.

    If password is listed here and you want to prevent users from changing their passwords, remove the word "password" here.

    If you want users to be able to change or not change the value of an attribute other than password, type the attribute name here or remove it from the list.

    Take care not to make changes that you do not want to make.

    If no changes are needed at this prompt, press Enter without making any changes.

    Choose protocol for assertion:

    (1) Use HTTPS for logon only

    (2) Use HTTPS always

    (3) Use HTTP only

    If you need to change the protocol used for SSO communication, do so here.

    "Use HTTPS for logon only" means that only the initial login screen will use https. All other connections will pass through http. This option can enhance performance if it is appropriate for your system.

    "Use HTTPS always" is the most secure option. All SSO traffic will go through SSL.

    "Use HTTP only" is the fastest protocol and is appropriate in some situations, for example, when all users are logging in from inside the firewall.

    Select the number that corresponds to the type or types of connection you use.

    You must select the number even if you are not making any changes to this attribute.

    Enter the HTTP url to authenticate to this service.

    Use this prompt to change the URL for your HTTP connections (if any are used).

    If you use HTTP for any communication, type a URL for HTTP in the following format:

    http://YourWebServer.YourDomain.com:port#/sso/SSOServlet

    If you will be using HTTP for some or all of your connections, type the URL.

    If all communication will be through SSL, type "null" here.

    You must type something here even if you are not making a change to this attribute. If you do not, you will receive an error message.

    Enter the HTTPS url to authenticate to this service.

    Use this prompt to change the URL for your HTTPS connections (if any are used).

    If you use HTTPS for any communication, type a URL for HTTPS in the following format:

    https://YourWebServer.YourDomain.com:port#/sso/SSOServlet

    If you will be using SSL for some or all of your communication, type the URL here.

    If all communication will be through HTTP, type "null" here.

    You must type something here even if you are not making a change to this attribute. If you do not, you will receive an error message.

    Enter user name field for this service [<empty>]

    Do not make any changes here. Press Enter to bypass this prompt without making any changes.

    Enter the password field name for this service (<password>)

    Do not make any changes here. Press Enter to bypass this prompt without making any changes.

    Is this a grey box service?

    This should be set to No ("2").

    You must select "2" here even though you are not changing this attribute.

    Is this a black box service?

    This should be set to No ("2").

    You must select "2" here even though you are not changing this attribute.

    Enter URL for this service [<empty>]

    Change the URL for the service. This is the page where you want users of this service to land when they select this service.

    Type the new URL in the appropriate format, for example: http://MyURL.htm/index

    When you are finished running the program, you should receive the message, "The service is created."
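
The rules stated in the table can be checked against a planned set of answers before you run ssoconfig. The following Python check is an added example, not Lawson code: it confirms that "user" and "password" stay in the attribute list, that each URL prompt gets either a URL ending in /sso/SSOServlet or "null" in line with the protocol choice, and it notes when the chosen protocol is not the one the table calls most secure. The function names, the sample host name, and the rule that encrypted, optional and user-changeable attributes must appear in the first list are assumptions.

```python
import re

# Added illustration: checks planned prompt answers offline; it never calls
# ssoconfig. Assumption: every list answer names attributes from the first prompt.
PROTOCOLS = {"1": "HTTPS for logon only", "2": "HTTPS always", "3": "HTTP only"}

def split_list(answer):
    """Parse a comma-separated answer; an empty answer means no attributes."""
    return [a.strip() for a in answer.split(",") if a.strip()]

def check_url(answer, scheme, needed):
    """Check one URL prompt answer against the format given in the table."""
    if not answer:
        return [f"{scheme} URL: an answer is required (a URL or 'null')"]
    if answer == "null":
        return [f"{scheme} URL is 'null' but the protocol choice uses {scheme}"] if needed else []
    problems = []
    if not needed:
        problems.append(f"{scheme} URL given but the protocol choice never uses {scheme}")
    # Expected shape: scheme://host.domain:port/sso/SSOServlet
    if not re.fullmatch(rf"{scheme}://[A-Za-z0-9.-]+:\d{{1,5}}/sso/SSOServlet", answer):
        problems.append(f"{scheme} URL must look like {scheme}://host.domain:port/sso/SSOServlet")
    return problems

def check_answers(attrs, encrypted, optional, user_set, protocol, http_url, https_url):
    """Return a list of problems found in the planned answers (empty if none)."""
    attrs, problems = split_list(attrs), []
    for required in ("user", "password"):
        if required not in attrs:
            problems.append(f"'{required}' cannot be removed from the attribute list")
    lists = (("encrypted", encrypted), ("optional", optional), ("user-changeable", user_set))
    for label, answer in lists:
        for name in split_list(answer):
            if name not in attrs:
                problems.append(f"{label} attribute '{name}' is not in the attribute list")
    if protocol not in PROTOCOLS:
        return problems + ["protocol must be 1, 2 or 3"]
    problems += check_url(http_url, "http", needed=protocol in ("1", "3"))
    problems += check_url(https_url, "https", needed=protocol in ("1", "2"))
    if protocol != "2":
        problems.append(f"note: '{PROTOCOLS[protocol]}' carries SSO traffic over plain HTTP; "
                        "the table names 'HTTPS always' as the most secure option")
    return problems

if __name__ == "__main__":
    # Constructed sample answers; the host name is a placeholder.
    for p in check_answers("user,password,home_dir", "", "home_dir", "password",
                           "1", "http://sso.example.com:8080/sso/SSOServlet", "null"):
        print(p)
```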