Authentication, Authorization, and Session management

Authentication

Authentication is the process in which a user presents credentials (ID and password) to a system in order to gain access.

There are two types of authentication: "front-end" and "back-end."

Front-end authentication is when a user presents credentials, such as ID and password. For Infor Lawson System Foundation, this kind of authentication takes place on the SharePoint server using the Kerberos protocol.

Back-end authentication means that, after being configured, a user or tool, such as a database, is granted behind-the-scenes authentication.

Authorization

Authorization is the system's check of a user's right to access a specific object (form, data, job queue, and so on) after the user has authenticated to the system itself.

The main authorization engine for Lawson Security is called LS runtime. Depending on which component is calling LS runtime, it might run as an embedded component for the calling program. It can also be called from within LASE (the Lawson Security server).

Session management

Session management is the term for the series of processes that ensure that once a Lawson user authenticates (on the SharePoint server), they are not prompted again for credentials unless their session has timed out.

Information about a user's valid authentication is stored in the user's browser as a session ID, an object with a unique identifier that is created when a new session is launched.
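The following added example (not Infor or Lawson code) shows how the three concepts above relate: credentials are checked once, a session ID with a unique identifier is created, each object access is authorized separately, and a timed-out session forces re-authentication. The class, user, object names, and the 15-minute idle timeout are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, the page states no timeout

# Constructed sample data: one user and the objects that user may access.
_SALT = secrets.token_bytes(16)

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"jdoe": _hash("correct horse")}
RIGHTS = {"jdoe": {"form:timesheet", "jobqueue:nightly"}}

class SessionManager:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session ID -> (user, time of last activity)

    def authenticate(self, user, password):
        """Front-end authentication: check credentials, launch a session."""
        stored = USERS.get(user)
        candidate = _hash(password)
        if stored is None or not hmac.compare_digest(stored, candidate):
            return None
        sid = secrets.token_urlsafe(32)  # unguessable unique identifier
        self._sessions[sid] = (user, self._clock())
        return sid

    def _user_for(self, sid):
        """Return the session's user, or None if unknown or timed out."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last = entry
        if self._clock() - last > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: credentials are required again
            return None
        self._sessions[sid] = (user, self._clock())  # refresh idle timer
        return user

    def authorize(self, sid, obj):
        """Authorization: a per-object check made only after authentication."""
        user = self._user_for(sid)
        if user is None:
            return "reauthenticate"
        return "allow" if obj in RIGHTS.get(user, set()) else "deny"
```

A valid session ID only proves that authentication happened; the right to each form, data set, or job queue is still checked on every request.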