Installing and configuring the SAML Session Provider

Use this procedure to install the SAML Session Provider. The SAML Session Provider version 1.13+ can be deployed to multiple hosts and started in multiple nodes. Previous versions of the SAML Session Provider should only be deployed on a single host and started in a single node.

The installation process differs between versions 1.13 and 1.14. Ensure that you use the instructions for the correct version.

If you want to use the SAML Session Provider, your system must meet these requirements:

For SAML Session Provider 1.14:

  • ION Grid installation runs on Java 8.

  • AD FS or InforSTS is used as the Identity Provider (IdP).

  • InforOS is installed.

  • When InforSTS is used, the minimum required version of InforOS is 12.0.32.

  • You have the name and password of a domain account that is an IFSApplicationAdmin and AttributeServiceCaller in the IFS application.

    This should be a service user with a password that does not expire; otherwise, the password must be kept up-to-date. This user is used for authenticating IFS web service calls, during installation and at runtime.

  • If AD FS is used, the endpoint "/adfs/services/trust/13/usernamemixed" for WS-Trust 1.3 is both Enabled and Proxy Enabled.

For SAML Session Provider 1.13:

  • AD FS or PingFederate is used as the Identity Provider (IdP).

  • Infor Federation Services is installed.

  • For on-premise versions of IFS, you have the name and password of a domain account that is an IFSApplicationAdmin and AttributeServiceCaller in the IFS application.

    This should be a service user with a password that does not expire; otherwise, the password must be kept up-to-date. This user is used for authenticating IFS web service calls, during installation and at runtime.

  • If AD FS is used, the endpoint "/adfs/services/trust/13/usernamemixed" for WS-Trust 1.3 is both Enabled and Proxy Enabled.

  • For IFS 11 only: If AD FS is used, you have access to the local Administrator password of the IFS/AD FS server, or the User Access Control (UAC) on the IFS/AD FS can be switched off during the installation of the SAML Session Provider.

  • If PingFederate is used, you have the required IdP and IFS properties available in the file.
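
When AD FS is the IdP, the endpoint and service-user requirements listed above can be checked before installation. The following read-only PowerShell script is an added example, not part of the Infor documentation. It assumes that it runs in an elevated session on the AD FS server with the ADFS and ActiveDirectory modules installed, and the account name svc-ifs-example is a hypothetical placeholder.

```powershell
# Added example: read-only prerequisite check for the AD FS requirements above.
# Assumptions: run on the AD FS server in an elevated session; the ADFS and
# ActiveDirectory (RSAT) modules are installed.
param(
    # Hypothetical account name; replace with your IFS service user.
    [string]$ServiceAccount = 'svc-ifs-example'
)

Import-Module ADFS, ActiveDirectory -ErrorAction Stop

$path    = '/adfs/services/trust/13/usernamemixed'
$results = @()

# WS-Trust 1.3 usernamemixed endpoint must be both Enabled and Proxy Enabled.
$ep = Get-AdfsEndpoint -AddressPath $path -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = "AD FS endpoint $path"
    Passed = [bool]($ep -and $ep.Enabled -and $ep.Proxy)
    Detail = if ($ep) { "Enabled=$($ep.Enabled); Proxy=$($ep.Proxy)" }
             else     { 'endpoint not found' }
}

# Service user: the account must exist and be enabled. A password that expires
# is reported as a note, because the procedure allows it if it is kept up-to-date.
try {
    $user = Get-ADUser -Identity $ServiceAccount -Properties PasswordNeverExpires
} catch {
    $user = $null   # Get-ADUser raises a terminating error when the account is missing
}
$results += [pscustomobject]@{
    Check  = "Service user $ServiceAccount"
    Passed = [bool]($user -and $user.Enabled)
    Detail = if (-not $user) { 'account not found' }
             elseif ($user.PasswordNeverExpires) { 'password does not expire' }
             else { 'password expires: must be kept up-to-date' }
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code so the check can gate an installation script.
if ($results.Passed -contains $false) { exit 1 }
```

The IFSApplicationAdmin and AttributeServiceCaller roles are assigned inside the IFS application, so this script does not verify them.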