Create a Relying Party Trust entry for the Infor Lawson environment (AD FS 4.0)

Perform the steps in this section only if you are configuring AD FS 4.x.
  1. Launch the AD FS Management Console.
  2. Select and right-click Relying Party Trusts.
  3. Choose Add Relying Party Trust.
  4. Walk through the wizard to configure an entry.
    1. Select Claims aware.
    2. Click the Start button.
    3. Choose Enter data about the relying party manually and then click Next.
    4. Choose a Display Name for the server you are currently configuring, for example, Infor Lawson 10, and then click Next.
      Note: If you are configuring a server on the Infor OS or Infor Local Technology Runtime technology platform, where multiple servers can point to the same AD FS instance, you must take care to use unique names for each server (for example, "InforLawson10Test" and "InforLawson10Prod").
    5. Click Next again.
    6. For Enable support for WS-Federation Passive Protocol, specify the URL for the SSO Servlet on the Infor Lawson 10 environment. Certificates are case-sensitive. Be sure to match case, for example, "/sso/SSOServlet", not "/SSO/SSOSERVLET".

      Examples:

      https://YourLSFServer.YourAuthenticatingDomain.com/sso/SSOServlet

      https://YourILMRKServer.YourAuthenticatingDomain.com/sso/SSOServlet

    7. Click Next.
  5. Verify that the URL you added in the previous step appears.

    If it appears, click Next.

    If the field is blank, retype the URL for the SSO Servlet (from substep 6 of step 4) and then click Next.

  6. Choose Permit everyone and then click Next.
  7. Click Next again.
  8. Check the box for Configure claims issuance policy for this application and click Close.
  9. Right-click the new Relying Party Trust and select Edit Claim Issuance Policy > Add Rule.
  10. For Claim Rule Template, select Send LDAP Attributes as Claims and then click Next.
  11. Provide a claim rule name, for example, "Claim Rule 1".
  12. For Attribute Store, select Active Directory.
  13. For LDAP Attribute to Map, select User-Principal-Name.
  14. For Outgoing Claim Type, select Windows account name.
  15. Click Finish and then click OK.
  16. If your installation includes multiple endpoints (web servers), perform steps 2-14 for each endpoint.

    A typical reason for having multiple web servers is that your installation allows users to log in from outside the firewall.

    For more information on configuring multiple endpoints, search the help system for the topic "Configuring Multiple Endpoints for External and Internal Web Servers."
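
The following is an added example, not part of the Infor procedure: a PowerShell sketch that creates the same Relying Party Trust with the AD FS cmdlets and then reads it back to check the settings the wizard steps above configure. It assumes that it runs in an elevated session on the AD FS 4.0 (Windows Server 2016) server, and the trust name and URL are the placeholder values from the examples on this page.

```powershell
# Added example: scripted equivalent of the wizard steps above (run on the AD FS server).
Import-Module ADFS

# Placeholder values from the page's examples; replace with your own.
$name   = 'InforLawson10Test'
$ssoUrl = 'https://YourLSFServer.YourAuthenticatingDomain.com/sso/SSOServlet'

# The page requires the servlet path to match case exactly, so compare case-sensitively.
if (([uri]$ssoUrl).AbsolutePath -cne '/sso/SSOServlet') {
    throw "Path case does not match /sso/SSOServlet: $ssoUrl"
}

# Each server that points at this AD FS instance needs a unique display name.
if (Get-AdfsRelyingPartyTrust -Name $name) {
    throw "A Relying Party Trust named '$name' already exists."
}

# Claim rule as produced by the 'Send LDAP Attributes as Claims' template:
# User-Principal-Name from Active Directory, issued as Windows account name.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Claim Rule 1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

# Claims-aware trust with a WS-Federation Passive endpoint and 'Permit everyone'.
# The wizard uses the endpoint URL as the identifier, so the same value is passed here.
Add-AdfsRelyingPartyTrust -Name $name `
    -Identifier $ssoUrl `
    -WSFedEndpoint $ssoUrl `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Read the trust back and confirm what was stored.
$rp = Get-AdfsRelyingPartyTrust -Name $name
$rp | Format-List Name, Enabled, Identifier, WSFedEndpoint, AccessControlPolicyName, IssuanceTransformRules

if (([uri]$rp.WSFedEndpoint).AbsolutePath -cne ([uri]$ssoUrl).AbsolutePath) {
    Write-Warning "Stored WS-Federation endpoint path differs in case from $ssoUrl"
}
if ($rp.Identifier -cnotcontains $ssoUrl) {
    Write-Warning "Identifier list does not contain $ssoUrl"
}
```

For installations with multiple endpoints, run it once per endpoint with a distinct `$name` and `$ssoUrl`.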