Creating a Black Box service

Before you perform this procedure, you must know:

  • The password to run the ssoconfig utility

  • The URL to your HTTP server if you are using HTTP for any connections

  • The URL to your HTTPS server if you are using SSL for any connections

  • The URL to the page that you want to open when the user logs in to this product

  • How to formulate a Regular Expression

  1. Run the ssoconfig utility. From a command prompt, type

    ssoconfig -c

  2. At the prompt, type the password for the ssoconfig utility.
  3. From the main menu, select "5" Manage Services and then select "1" Add Services.
  4. You will be prompted to type a name for the service.

    If you are creating a new service, type any name that you want to use. Be sure to jot down the name for future reference.

  5. At the prompt to choose authentication method, select "1" Form.
  6. Respond to program prompts.

    The following table lists the prompts and other messages that appear and describes how to respond to them.

    Note: In the following prompts, you will sometimes see options for "Back" or "Exit." Back means return to the previous prompt to re-select options; Exit means end the ssoconfig session without changing any options.

    Each entry below gives the prompt or message, its meaning, and the action to take.

    This authentication method uses (user) for identifying user.

    This authentication method uses (password) and encrypts their values.

    Enter a comma-separated list of attributes you want on entries for this service.

    Hit enter if no attributes are specified [<empty>]

    This prompt determines the attributes that must be populated when new identities (users) are added for this service.

    Here you specify the attributes that will appear on the User Maintenance dialog box when you add an identity for a user of this service.

    If the attribute is populated automatically through an XML file, these attributes must be accounted for in your XML file layout.

    You can add additional attributes, such as home_dir. If you choose to do so, add them after the required attributes, separated by commas.

    To specify a user and password, replace "empty" with username,password. For example,

    [<user,password>]

    To add other attributes in addition to user and password (for example, home directory or home_dir), add them after "password", separated by commas.

    [<user,password,home_dir>]

    Enter a comma-separated list of attributes whose values should be encrypted other than password.

    Hit enter if no attributes are to be specified [<empty>]

    The password attribute is always encrypted. You can also choose to encrypt user or any optional attributes you have added.

    If you want to encrypt the user attribute or any others, list them here in comma-separated format.

    If you don't want to encrypt any other attributes, press Enter to bypass this prompt.

    Enter a comma-separated list of attributes whose values are optional.

    Hit enter if no attributes are to be specified.

    If any of the attributes you have specified are not required, specify them here. For example, if you have specified the attributes user, password, and home directory (home_dir) but home directory is optional, type home_dir here. Type the names of any attributes that are optional.

    Enter a comma-separated list of optional attributes whose values can be provided by the user.

    Hit enter if no attributes are to be specified [<empty>]

    If you want the user to be able to change any of the attributes for this service, specify them here. Typically, this is used to let users change their passwords for the service, but you could let them change any attribute. You could enable this by giving users access, through the product that uses this service, to the page /sso/useratts.htm. For more information, see the section "Changing Specialized User Passwords via the useratts Page".

    Lawson Portal uses this method for enabling password change. Users for whom password change is enabled change their passwords through Lawson Portal.

    Type the name of any attribute that you want users to be able to change.

    Choose protocol for assertion:

    (1) Use HTTPS for logon only

    (2) Use HTTPS always

    (3) Use HTTP only

    "Use HTTPS for logon only" means that only the initial login screen will use HTTPS. All other connections will pass through HTTP. This option can enhance performance if it is appropriate for your system.

    "Use HTTPS always" is the most secure option. All SSO traffic will go through SSL.

    "Use HTTP only" is the fastest protocol and is appropriate in some situations, for example, when all users are logging in from inside the firewall.

    Select the number that corresponds to the type or types of connection you use.

    Enter the HTTP url to authenticate to this service.

    If you use HTTP for any communication, type a URL for HTTP in the following format:

    http://YourWebServer.YourDomain.com:port#/YourPage

    If you will be using HTTP for some or all of your connections, type the URL.

    If all communication will be through SSL, type "null" here.

    You must type something here; if you do not, you will receive an error message.

    Enter the HTTPS url to authenticate to this service.

    If you use HTTPS for any communication, type a URL for HTTPS in the following format:

    https://YourWebServer.YourDomain.com:port#/YourPage

    If you will be using SSL for some or all of your communication, type the URL here.

    If all communication will be through HTTP, type "null" here.

    You must type something here; if you do not, you will receive an error message.

    Enter user name field for this service [<empty>]

    The name of the user ID field where users log in.

    Type the name of the field here.

    Enter the password field name for this service (<password>)

    The name of the password field where users log in.

    Type the name of the field here.

    Is this a grey box service?

    1 Yes

    2 No

    You are not creating this type of service. Select No.

    Select "2" for no.

    Is this a black box service?

    1 Yes

    2 No

    You are creating this type of service. Select Yes.

    Select "1" for yes.

    Please enter URLs for this service in Regular Expression.

    Type a URL in the appropriate format (Regular Expression). You must provide at least one URL here. If you do not, you will not be able to continue.

    Please enter call back time for this service in seconds.

    Enter the number of seconds to wait for redirection to a login page. The default is four seconds.

    If your server is busy, you might want to set a longer wait time to give the server time to respond. If the wait time is too short, a login page appears prematurely.

    Type the number of seconds. The number must be greater than zero.

    Enter URL for this service [<empty>]

    This is the page where you want users of this service to land when they select it. You must provide a URL here.

    Type the URL in the appropriate format, for example: http://MyServer.MyDomain.com:port#/Mylocation/index

    When you are finished running the program, you should receive the message, "The service is created."
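
The following is an added example, not part of the original procedure or the product's own code: a Python check of a candidate pattern for the "Please enter URLs for this service in Regular Expression" prompt, run against constructed URLs before the pattern is typed into ssoconfig. The host names, port and paths are constructed, and because this page does not say whether the pattern is applied as a substring or a whole-string match, the check assumes neither and runs both modes using regex syntax common to Python and most other engines.

```python
import re

# Constructed values: app.example.com and other.test stand in for the
# YourWebServer.YourDomain.com placeholder used in the procedure.
LOOSE = r"https://app.example.com/portal"   # a URL pasted in as-is
STRICT = r"^https://app\.example\.com(:8443)?/portal(/.*)?$"

# (candidate URL, should the service pattern accept it?)
CASES = [
    ("https://app.example.com/portal", True),
    ("https://app.example.com:8443/portal/index", True),
    ("https://appXexample.com/portal", False),        # "." matched any char
    ("https://app.example.com/portal-admin", False),  # longer path, same prefix
    ("https://other.test/go?next=https://app.example.com/portal", False),
    ("http://app.example.com/portal", False),         # not HTTPS
]


def evaluate(pattern, matcher):
    """Return (unexpected, missed) URL lists for one pattern and match mode."""
    unexpected, missed = [], []
    for url, wanted in CASES:
        hit = matcher(pattern, url) is not None
        if hit and not wanted:
            unexpected.append(url)   # accepted, but should be rejected
        elif wanted and not hit:
            missed.append(url)       # rejected, but should be accepted
    return unexpected, missed


def report():
    """Evaluate both patterns under substring and whole-string matching."""
    modes = {"search": re.search, "fullmatch": re.fullmatch}
    return {
        (name, mode): evaluate(pattern, fn)
        for name, pattern in (("LOOSE", LOOSE), ("STRICT", STRICT))
        for mode, fn in modes.items()
    }


if __name__ == "__main__":
    for (name, mode), (unexpected, missed) in report().items():
        print(f"{name:6} {mode:9} unexpected={len(unexpected)} missed={len(missed)}")
        for url in unexpected:
            print("    accepts:", url)
```

A pattern is ready to enter at the prompt when it yields no unexpected and no missed URLs under both match modes, as the anchored, dot-escaped pattern does here.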