Lawson Security: Important Concepts and Terminology
Lawson Security is a rules and roles based system for checking user rights to access various Lawson components.
The following table provides a brief introduction to the concepts and terminology related to user interfaces that are presented in this chapter.
Concept / term | What it means |
---|---|
agent |
A type of identity that does not require credentials. See "identity" later in this table. |
authentication |
The process through which a user presents credentials (authenticates) to a system. For Infor Lawson, Version 10, there are two options:
|
authorization | The process through which Lawson grants access to an individual component. |
credentials | What the user presents to the system in order to be authenticated. Typically, it is a valid user ID and password. |
DSP (Distributed Security Package) | DSP is the package that allows for communication between Infor Lawson System Foundation and the Sharepoint server which handles Kerberos authentication. |
identity |
An identity is a user entity on a particular Lawson service. See "service" later in this table. |
Kerberos protocol | The protocol used to authenticate users on the Sharepoint server. |
Lawson Security as Security Token Service (LS as STS) | An authentication protocol in which Lawson Security performs user authentication. |
LS runtime |
LS runtime is the main processing engine for looking up authorization requests to Lawson Security. Typically, it has multiple instances on a Lawson system, depending on how which Lawson system is calling it. For example, the IOS service, Transaction, the Environment tool Lawson Transaction Manager (LATM) and the COBOL runtime system (LACOBRTS) can all make calls to separate instances of LS runtime. In some cases, LS runtime is called from within its own server, LASE (for Lawson Security server). |
LDAP (Lightweight Directory Access Protocol) | Lawson stores globally interesting user data in a third-party, industry-standard LDAP directory. |
resource and RMID |
Resource is the term used for a user of the system. The RMID is the master identifier of the resource which links it to all services. |
service |
A Lawson system that participates in single sign-on. For example, Lawson Portal, Lawson Business Intelligence, and the Employee application are all Lawson systems that participate in single sign-on. |
session management | Session management is the general term for the series of processes that let users authenticate one time as long as their Lawson session remains active. |
Sharepoint server | Server where LSF users are authenticated. |
Single Sign-on (SSO) servlet | This servlet verifies that a user session is valid. |