Infor Lawson Authentication Configuration Guide
Configuring Infor Lawson for Single Sign-on Authentication
Preliminary Procedures
Verify the Lawson Portal plugin installation
Verify installation and configuration users in SharePoint
Verify installation users in preparation for SharePoint configuration
Locate the user who runs application pools
Locate installation values
Configuring user BODs for on-premises and single-tenant installations
What are user BODs?
When are user BODs created and when are they not created?
Requirements
Verify that I/O boxes have been created
ION setup tasks for user BODs
Attaching the user BOD documents
Creating the document flow for user BODs (on-premises)
Infor OS Portal (or Infor Ming.le) setup procedures for user BODs
Updating other Infor OS Portal (or Infor Ming.le) properties
Landmark setup procedures for user BODs
Create and set Landmark configuration parameters for user BODs in on-premises installations
Adding Async roles to administrative users
Running the Landmark user BOD setup script
Enabling logging for ION BOD user provisioning
LSF Setup Procedures for User BODs
Update LSF schema to make email address a required property
Turn on the Required flag for the Email field
Running the ldifgen utility
Creating and loading a new service for ION APIs
Create the ION API service
Load the new ION service
Oracle customers: Update lsserver.properties
DB2 customers: Additional configuration steps
Update the Infor Security properties file for on-premises installations
Defining and configuring recurring jobs for ION APIs
Enabling logging for ION BOD user provisioning
Mass-synchronizing existing LSF roles for on-premises installations
Checking user BOD status and troubleshooting
Troubleshooting outbound user BODs for on-premises systems
User BODs coming from Landmark
Outbound user BODs: Issues to check
Troubleshooting inbound user BODs
User BODs coming to Landmark
Inbound user BODs: Issues to check
User BODs coming to LSF
Configuring Infor OS or Infor Local Technology Runtime as STS for Authentication with Infor Lawson Products
Preliminary Procedures and Information for Infor OS or Infor Local Technology Runtime as STS
Configuration scenarios covered in this section
Configuration prerequisites
Unfederating a federated Infor Lawson system
Unfederating using ssoconfig menus
Unfederating as a single command
Locate SAML metadata
URL for Landmark
URL for LSF
Configuring Landmark for Infor OS or Infor Local Technology Runtime as STS
Create a Claim-Based Login Scheme for Infor OS or Infor Local Technology Runtime as STS
Create and configure the Infor OS or Infor Local Technology Runtime as STS service for Landmark
Create the Infor OS or Infor Local Technology Runtime as STS service for Landmark
Create service properties for the Infor OS or Infor Local Technology Runtime as STS service
Change the Login Scheme to Claims-Based for SSOPV2
Update properties for the SSOPV2 service
Create a new self-signing certificate for Infor OS or Infor Local Technology Runtime as STS on Landmark
Configure the SP connection manually
Download the new certificate from Infor OS or Infor Local Technology Runtime as STS
Load the Infor OS or Infor Local Technology Runtime as STS certificate to Landmark
Infor Process Automation (IPA) installations: Additional procedures
Configuring LSF for Infor OS or Infor Local Technology Runtime as STS
Configure and load the Infor OS or Infor Local Technology Runtime as STS Service
Configure a login scheme and service to identify the relying party
Import the new service
Configure service properties for the Infor OS or Infor Local Technology Runtime as STS service with LSF
Configure the Primary Authentication Service (SSOP) for Infor OS or Infor Local Technology Runtime as STS
Export the SSOP service
Edit the exported service file
Import the edited service
Configure service properties for the SSOP service with Infor OS or Infor Local Technology Runtime as STS
Create and configure a new self-signed certificate for Infor OS or Infor Local Technology Runtime as STS on LSF
Configure claims
Create a new self-signed certificate for Infor OS or Infor Local Technology Runtime as STS
Configure the SP connection manually
Download the new certificate from Infor OS or Infor Local Technology Runtime as STS
Load the Infor OS or Infor Local Technology Runtime as STS certificate to LSF
Infor Process Automation (IPA) installations: Additional procedures
Additional Configuration: Landmark Calls to AGS
Configuring AGS calls when unfederated: Overview
Update the configuration parameter
Configuring AD FS for Authentication with Infor Lawson Products
AD FS Server Configuration
Update AD FS 4.0 Properties
Update AD FS 3.x Properties
Configure Session Timeout Values for AD FS
Setting the TokenLifetime parameter
Configuring the Web SSO Lifetime parameter in AD FS
Export a Signing Certificate from AD FS
Create a Relying Party Trust entry for the Infor Lawson environment (AD FS 4.0)
Configuring the Lawson System Foundation Server for AD FS
User identity format recommended for use with AD FS
Update lsservice.properties for AD FS authentication
Configure the Primary Authentication Service (SSOP)
Export the SSOP service
Edit the exported service file
Import the edited service
Create a Token Signing Certificate and Configure Claims for AD FS
Creating a new self-signed certificate
Configure claims
Configure and Load the AD FS Service
Configure a service to identify the relying party
Import the new service
Configure Service Properties for the AD FS Service
Load the AD FS signing certificate using ssoconfig
Configure Service Properties for the SSOP Service with AD FS
Configure existing Lawson identities for use with AD FS
Add required .jar files to the WebSphere classpath
Update required .jar files to the WebSphere classpath
Restart Infor Lawson
Perform LSF Authentication Smoke Tests for AD FS
Configuring Landmark for AD FS Authentication
User identity format recommended for use with AD FS
Update lsservice.properties for AD FS authentication
Creating a Claims-Based Login Scheme
Create the AD FS service for Landmark
Create the AD FS service using Infor Rich Client
Create service properties for the new AD FS service
Change the Login Scheme to Claims-Based for the Primary Authentication Service
Configure the primary authenticating service
Creating and exporting claims for AD FS
Create a New Self-Signed Certificate
Load the AD FS signing certificate
Change key value for identities already on the primary service (SSOP or SSOPV2)
Perform Landmark smoke tests
Access the SSOCfgInfoServlet to test authentication
Next Steps for Configuring LSF or Landmark for AD FS Installation
Next Steps for configuring LSF or Landmark for AD FS
Post-Federation tasks when configuring LSF or Landmark for AD FS authentication
Point the secondary service to point to the ldapbind service when LSF is primary
Point the secondary service to point to the ldapbind service when Landmark is primary
Perform smoke tests
Additional Configuration for Special Authentication Scenarios
Additional configuration for installations requiring LDAPBIND authentication on LSF
LDAPBIND Setup for LSF
Create a New Web Server Instance or Assign a New Web Server Port for the LDAPBIND Service on LSF
Configure the LDAPBIND Service and Login Procedure for LSF
Create the LDAPBIND service
Configure the LoginProcedure
Create a privileged identity for the login procedure service to recognize ldapbind authentication
Create and Configure an SSO Domain and Endpoints for LDAPBIND Authentication
Creating the new SSO domain
Creating an endpoint
Creating an endpoint group
Adding an endpoint to an endpoint group
Assigning the new endpoint to required services
Configure existing Lawson identities for use with LDAPBIND (optional)
Restart Infor Lawson
Perform LSF Authentication Smoke Tests for LDAPBIND
Additional configuration for installations requiring LDAPBIND authentication on Landmark
Create a New Web Server (or Port) for the LDAPBIND Service
Deploy Infor Lawson Applications to the New Web Server
How to add mappings to the new web server: Example
Deploy applications
Create and Configure an SSO Domain and Endpoints for LDAPBIND Authentication
Create a text file with input properties for the secadm utility
Create additional text files as needed for additional LDAPs in a multi-LDAP configuration
Load the edited LDAPAUTH.txt properties file
Load the edited input files for each additional LDAP in a multi-LDAP configuration
Assigning LDAPs to the LDAPBIND service in a multi-LDAP configuration
Creating an ldapbind service for the new domain
Creating a new SSO domain
Loading the service properties for the Ldapbind service
Creating an endpoint
Creating an endpoint group
Adding an endpoint to an endpoint group
Assigning the new endpoint to the LDAPBIND service
Assign the HTTP Endpoint for LDAPBIND for all required Landmark services
Change key value for identities already on the LDAPBIND service
Update the Grid to use the ldapbind Service for Authentication to Infor Rich Client
Change the authenticating service
Update the Login Scheme and Referenced Service for the Grid Service
Restart Infor Lawson
Perform Smoke Tests for Landmark LDAPBIND
Configure Landmark for Xref Authentication
Create the New Web Server (or Port) for the Xref Service
Deploy Infor Lawson Applications to the New Web Server
How to add mappings to the new web server: Example
Deploy applications
Create and Configure an SSO Domain and Endpoints for Xref Authentication
Create a new loginscheme for Xref authentication
Creating a service (Xref) for the new domain
Creating a new SSO domain for Xref authentication
Loading the service properties for the Xref service
Creating an endpoint
Creating an endpoint group
Adding an endpoint to an endpoint group
Assigning the new endpoint to the Xref service
Assign the HTTP Endpoint for Xref to all required Landmark services
Assign a User Identity to the Xref Service
Restart Infor Lawson
Perform Smoke Tests
Configuring ADAM for multi-LDAPBIND
Multi-LDAP Using ADAM Preliminary Setup
Preparing the Infor Lawson Server for Multiple LDAPs
Stop the Infor Lawson system
Run the ldife command
Delete Service Objects from ADAM
Edit the LoginScheme Attribute in ADAM
Connect to ADSI Edit
De-activate the old Infor Lawson login scheme
Locate the attribute ID of the LoginScheme and the distinguished name
Create an ldif template file
Load the template file
Verify that the new attribute was added
Add the login scheme attribute to object classes optional attributes
Reload the original services back to LDAP
Restart the Infor Lawson system to make changes take effect
Make the LoginScheme Variable Multi-Valued Using Infor Lawson Schema Editor
Refresh metadata
Make the LoginScheme attribute multi-valued
Create the attribute LoginSchemeExpression
Add the LoginSchemeExpression attribute to Service Objects
Export and Reload Updated Schema
Export LDIF
Load the LDIF files to the LDAP server
Perform the Infor Lawson system restart sequence
Verify that metadata has been updated
Updating the THICKCLIENT Service Using the ssoconfig Utility
Export the THICKCLIENT Service definition
Edit the exported XML file
Create Additional LoginSchemes for each LDAP in the trust
Add the LoginSchemeExpression to the service
Sample XML File: After Editing for Multiple LDAPs
Import the new service file
Load the updated service and identity file to LDAP
Create a SSOP_BIND privileged identity for each login scheme on the THICKCLIENT service
Perform the Infor Lawson system restart sequence
Verify that the ldapbind to multi-LDAPs setup is working
Configuring Specific Applications for Single Sign-on Authentication
Setting Up Data Transfer between Infor Learning Management and Infor Human Resources Management version 10
Add required .jar files to the WebSphere classpath
Update required .jar files to the WebSphere classpath
Exporting Employees and Managers for Infor Learning Management: Overview
Exporting Employees to Infor Learning Management
Exporting employees using ssoconfig interactive menu prompts
Exporting employees using the command-line
Exporting Levels to Infor Learning Management
Exporting levels using ssoconfig interactive menu prompts
Exporting levels using the command-line
Exporting Managers to Infor Learning Management
Exporting managers using ssoconfig menu prompts (standard method)
Exporting managers using the command line
Perform additional configuration on the HRM application side
Create a Bookmark for the Infor Learning Management Link to Courses
Gather Information needed by the Infor Learning Management server
Configuring Single Sign-on for Human Resources Service Delivery (HRSD) and Infor Talent Management (TM)
Gather Prerequisite Data
Create and Load the HRSD Service File
Create the HRSD service file
Load the HRSD service file to Infor Security
Create the required Service Property using Infor Rich Client
Build Links for User Access to HRSD and TM via SSO
Locate ports needed for the links
Candidate Preboard tour link
Employee Onboard tour link
Recruiter and hiring manager link to HRSD from the Infor Rich Client applet
Additional parameters for the link if your service is not named "enwisen"
Configuring Single Sign-on for HRSD or Infor Learning Management on Infor Lawson System Foundation (LSF)
Perform LSF Setup Procedures
Configure Service Properties for the SSOP service
Create and configure a service to identify the relying party for HRSD or LM
Import the new service
Adding properties for the HRSD or LN service
Configure claims
Creating a new self-signed certificate
Exporting the self-signed certificate
Configuring for Kerberos Authentication
Configuring for LSF Kerberos Authentication on WebSphere
Kerberos Configuration Locations
Enabling Windows Integrated Authentication or Kerberos Authentication for the Mozilla Firefox 3 browser
Enabling Windows Integrated Authentication on Firefox 3
Enabling Kerberos Authentication on Firefox 3
Setting Up Users
Installation Worksheet for WebSphere
Assign the Service Principal Name and Create the Key File on WebSphere
Set up the Kerberos Configuration on the WebSphere server
Copy the krb5.conf to required locations
Enable and Configure WebSphere Global Security
Enable SPNEGO in WebSphere
Configuration for Java Authentication and Authorization Service on WebSphere
WebSphere 8.5.5 and higher only: Add the custom property for Java
LSF only: Add the spnego.jar to the WebSphere application server JVM classpath
Re-start WebSphere
Additional LSF Configuration for Kerberos
Finish configuring the Lawson environment
Create a login.conf file
Modify the lsservice.properties file
Change the SSOP service to use the Kerberos Login Procedure
Export the SSOP service and create a backup
Edit the SSOP service to include the Kerberos login scheme
Configure identities for the lawson and spservices users
Create a Privileged Identity in the SSOP Service
Restart the Lawson environment and the application server instance
Log in to Lawson Portal
Setting up Landmark for Kerberos
Create a Landmark login scheme for Kerberos
Create a Form Based identity for the SSOPV2 Service
Create a Privileged Identity for the SSOPV2 service
Change the key values for the "lawson" identity for the SSOPV2 service
Assign the KERBEROS login procedure to the SSOPV2 service
Configure the Landmark environment
Copy the krb5.conf file from WAS_HOME kerberos to JAVA_HOME jre lib security and
Create a login.conf file in JAVA_HOME jre lib security and .
Restart the Landmark environment
Run Landmark smoke tests
Log in to the Lawson Rich Client
Troubleshooting
Troubleshooting
Enabling security tracing for troubleshooting using .Net
Enabling the Server Cache Analyzer on Landmark
Clear server cache on LSF
Update required .jar files in WebSphere classpath
Updating required .jar files in WebSphere classpath