Configure the SP connection manually
This topic describes how to manually create a SAML connection in Infor OS or Infor Local Technology Runtime as STS for either Landmark or LSF.
You can also import the configuration from a file or a URL. Information about using these methods is in your Infor OS or Infor Local Technology Runtime as STS documentation.
- Gather information that you will be prompted for when you perform this procedure. This includes:
  - Partner Entity ID
  - Endpoints
  Descriptions of these parameters are in the steps that follow.
- In Infor OS or Infor Local Technology Runtime as STS, navigate to STS Panel > SP Connection. On the box that shows available SP connections, click the number of connections to go to the Edit page.
- Click Add to manually add the SP connection.
- Specify the following information:
  - Display Name: This is the name you want to assign to the application, for example, Landmark or LSF.
  - Partner Entity ID: This is the Entity ID of your Service Provider. If it has not been configured as a property on your system, you can get it by executing the URL that gathers SAML metadata for your system.
    - URL for Landmark
    - URL for LSF
    Note: Partner Entity ID is case-sensitive.
    Review the output of the call to locate the value for <md:EntityDescriptor entityID>. This value is what is needed for Partner Entity ID.
  - Description: This is the name you want to assign to the connection, for example, LMRK_connection or LSF_connection.
  - IFS Application Type: Determines what to send through the Registry service. Select the application type from the dropdown list.
    - If you are configuring the Landmark application, select: LANDMARK
    - If you are configuring the LSF application, select: LAWSONS3
  - Connection Endpoints: Configure endpoints for your connection. Use the following to understand the endpoints to configure for this application. Landmark and LSF are SAML connections. SAML applications require a minimum of two endpoints: Assertion Consumer Service (ACS) and Single Log Out (SLO). To locate these values, review the XML output from the URL for gathering SAML metadata for your system. The values for AssertionConsumerService Binding and SingleLogoutService should be provided here.
    Note: Because WS-Federation connections are supported by Infor OS or Infor Local Technology Runtime as STS, requirements for WS-Federation connections are included below. Infor Lawson applications are typically SAML.
    - Endpoint Type: SAML applications require a minimum of two endpoints: ACS and SLO. WS-Federation applications have one WSFED endpoint.
    - Endpoint Binding: This parameter applies only to SAML connections. Configure POST or REDIRECT for this endpoint. POST is the default.
    - Endpoint URL: Specify the complete URL for this endpoint.
  - Primary Signing Certificate: This is the public certificate that will be imported on the SP Connection page of the STS Admin UI. Upload the certificate you created and exported from either Landmark or LSF. See "Create a new self-signing certificate for Infor OS or Infor Local Technology Runtime as STS on Landmark" or "Create and configure a new self-signed certificate for Infor OS or Infor Local Technology Runtime as STS on LSF".
  - Secondary Signing Certificate: Infor Lawson does not use a secondary certificate.
  - Signature Algorithm: The algorithm used by your application to sign requests. This should be set to SHA1.
  - Signed Response: This parameter determines that the STS signs responses sent to the SP. It is enabled by default and cannot be changed.
  - Signed Assertion: Enable this parameter, which determines whether the key information should be included in the signature.
  - Include Key Info: This parameter determines whether the STS should assign assertions sent to the SP. Enabled by default. Infor recommends that you retain the default selection.
  - Name Identifier Format: The method that identifies a user in communication between the STS and the SP. Infor recommends that you retain the default selection.
  - Name Identifier Value: This parameter is disabled.
  - Authentication Context Class: These are URLs that specify authentication methods in SAML authentication requests. Enabled by default. Infor recommends that all customers retain the default selection.
- Select Save when you are finished configuring the SP.
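
The Partner Entity ID and Connection Endpoints steps above both read values out of the SP's SAML metadata XML. The following is an added example, not Infor code: it extracts those values from a metadata document and flags endpoints that would not fit the form. The sample metadata, host names and function name are constructed, and mapping the SAML 2.0 HTTP-POST and HTTP-Redirect binding URNs to the POST and REDIRECT choices is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Assumption: the form's POST/REDIRECT choices correspond to these SAML 2.0 binding URNs.
BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "REDIRECT",
}
ENDPOINT_TYPES = {"AssertionConsumerService": "ACS", "SingleLogoutService": "SLO"}

# Constructed sample metadata; the entity ID and hosts are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/Landmark-SSO">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/sso/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://sp.example.test/sso/artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_connection_values(metadata_xml):
    """Return (entity_id, endpoints, warnings) for manual SP connection entry."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")  # case-sensitive: copy exactly, never normalise
    endpoints, warnings = [], []
    for tag, ep_type in ENDPOINT_TYPES.items():
        for el in root.iterfind("md:SPSSODescriptor/md:%s" % tag, NS):
            binding, url = BINDINGS.get(el.get("Binding")), el.get("Location", "")
            if binding is None:  # e.g. HTTP-Artifact, which the form cannot express
                warnings.append("%s %s: binding is not POST or REDIRECT, skipped" % (ep_type, url))
                continue
            if not url.startswith("https://"):
                warnings.append("%s %s: endpoint is not HTTPS" % (ep_type, url))
            endpoints.append({"type": ep_type, "binding": binding, "url": url})
    for ep_type in ENDPOINT_TYPES.values():  # SAML connections need both ACS and SLO
        if not any(e["type"] == ep_type for e in endpoints):
            warnings.append("no usable %s endpoint found" % ep_type)
    return entity_id, endpoints, warnings


if __name__ == "__main__":
    print(sp_connection_values(SAMPLE_METADATA))
```

Comparing the returned entity ID byte for byte with what was typed into the form catches the case-sensitivity mismatch that the Partner Entity ID note warns about.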