The ssoconfig Utility: Overview

What is the ssoconfig utility?

The ssoconfig utility is a command line tool for performing a variety of procedures related to services, agents and identities.

Who can run the ssoconfig utility?

The ssoconfig utility can only be run by a user who has been given access to the utility through Lawson Security.

By default the following users also have access to the utility.

  • On Windows: members of the Windows administrators' group

  • On UNIX: The users lawson or root

  • On IBM i: The user LAWSON

What can you do with the ssoconfig utility?

This section provides an overview of:

  • The reasons you would use the ssoconfig utility

  • ssoconfig procedures and ways to perform them

Procedure | Why and when you would perform it | Ways to perform

Create a service or agent

Some services are required to get Lawson up and running initially and are installed by default. Others might be installed by your installer or you might need to create them. (Your Lawson documentation will always tell you if you need to create an agent or service.) In general, a service or agent must exist and be populated with user identities before users can start working with the product or component for which the service or agent is needed.

In addition, you might need to make changes to an existing service or agent, which you could do at any time.

Run ssoconfig from the command line and respond to prompts.
Update a service or agent

If you make a change to your system that affects authentication, you will need to update all SSO services that will be affected. Some examples:

  • You changed the login URL for a service

  • You changed the web server port

  • You want to change whether or not users can change their passwords

  • You want to add some required or optional authentication parameters.

Run ssoconfig from the command line and respond to prompts.
Add identities for users

All services must be populated with the identities of the users who are allowed to access the product for which the service or agent has been created. This is referred to as creating an identity for a service.

  1. Add identities for individual users when you add the user: You can add identities directly to Resource Management through the User Maintenance menu of the Lawson Security Administrator.

  2. Mass Add Identities: You can create an XML file template through the ssoconfig utility, populate it with identity information, and then use ssoconfig to feed the identities into RM. With this method, you first create the service manually (by responding to ssoconfig prompts) and then, when the service exists, use ssoconfig to create the template.

  3. For existing users, locate the user entry through the Resource Management Administrator and then add any required identities through the Add/Manage Identities dialog box.

Perform administration tasks related to users and passwords

Perform the following tasks on an as-needed basis:

  • Remove (or add) end-users' ability to change passwords.

  • Change the password for accessing the ssoconfig utility.

  • Change the password recovery mechanism: E-mail or no recovery.

    If no recovery is used, you must change the password from the command line.

    If e-mail is used, an e-mail address to receive the password must be provided. (The e-mail account must exist prior to running the password recovery program.)

Run commands from the command line. Refer to the appropriate sections of this document.
Change technical settings for SSO

The following system configuration (authentication data store settings) can be changed through ssoconfig (although it would not be done often if at all):

  • Provider URL: You would need to update this URL if you physically move your LDAP server or if you change the LDAP communication protocol from TCP/IP to SSL or vice versa.

  • Initial content factory: Changes never needed by Lawson; change only if you need to.

  • LDAP user structure (cn=, on=, and so on) for the Lawson repository

Run appropriate commands from the command line.
Configuring endpoints

This means configuring multiple web servers to communicate with a single application server. Instructions are in the document Lawson Administration: Server Setup and Maintenance.

ssoconfig utility: general usage tips

You run the ssoconfig utility from the command line. For most operations, a password is required. Make sure that the password is revealed only to authorized administrators. It is a good idea to change the password periodically.

Typically, when you run ssoconfig, many of the prompts will not apply to you. Review the meaning of the prompt in this documentation and, when it doesn't apply to your situation, press Enter to bypass it.

You respond to prompts either by selecting a number that represents an option or by typing a response. In either case, submit your response by pressing the Enter key. For typed responses, take care to avoid typos before pressing Enter. In some cases, typos can have undesired results.

Some prompts offer keys for Back and Exit. "Back" means return to the previous option so you can make a different selection. "Exit" means exit the ssoconfig utility without completing the procedure you were in the process of performing. Any changes you made prior to pressing "Exit" will not be saved.