Installing and configuring the SAML Session Provider 1.13 using LifeCycle Manager

Use this procedure to install the SAML Session Provider 1.13 using LifeCycle Manager.

The SAML Session Provider 1.13 has three installation profiles, all included in the same installation package:

  • Standard M3 – This profile is for on-premise installations for M3 BE, when the IFS server has the legacy default settings (ports 9680 and 9643). No advanced configuration options are available during installation. Default values are used. This profile requires that AD FS is installed on the same host and ports and using the same https certificate as IFS. This is not the default setting for AD FS 3, LTR or Infor OS.

  • Custom AD FS – This profile is for on-premise installations, when it is necessary to specify non-default configuration values, e.g. when the IFS web services and AD FS web entry point are not installed on default IFS ports (9680 and 9643). This profile is used for M3 with LTR or Infor OS.

  • Custom Ping – This profile is for cloud installations using IFS Cloud Edition.

If you want to use the SAML Session Provider 1.13 on-premise, your system must meet the following requirements:

  • AD FS is used as the Identity Provider (IdP).

  • Infor Federation Services is installed.

  • You have a domain account with the security roles IFSApplicationAdmin and AttributeServiceCaller. This should be a service user with a password that does not expire; otherwise, the password must be kept up to date. This user is used for authenticating IFS web service calls, both during installation and at runtime.

  • In AD FS the Endpoint "/adfs/services/trust/13/usernamemixed" for WS-Trust 1.3 is both Enabled and Proxy Enabled.

  • For IFS 11: The IFS security mode is set to "SAMLToken" or "SAMLToken Allowing Windows for Web Services".
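
An added example, not part of the original documentation: a PowerShell preflight check for two of the on-premise requirements above, the state of the WS-Trust 1.3 endpoint and the password expiry of the service user. The account name svc-ifs-example is a placeholder, and the script assumes it is saved as a .ps1 file and run elevated on the AD FS server with the ActiveDirectory module installed.

```powershell
# Added example: preflight check for two on-premise prerequisites.
# Assumptions: run elevated on the AD FS server, ActiveDirectory (RSAT) module available.
param(
    [string]$ServiceAccount = 'svc-ifs-example',   # placeholder account name
    [string]$EndpointPath   = '/adfs/services/trust/13/usernamemixed'
)
Import-Module ADFS, ActiveDirectory -ErrorAction Stop

function New-Result($Check, $Status, $Detail) {
    [pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

$results = @()

# 1. WS-Trust 1.3 endpoint must be both Enabled and Proxy Enabled.
$ep = Get-AdfsEndpoint -AddressPath $EndpointPath -ErrorAction SilentlyContinue
if (-not $ep) {
    $results += New-Result 'WS-Trust 1.3 endpoint' 'FAIL' "$EndpointPath not found"
} else {
    foreach ($prop in 'Enabled', 'Proxy') {
        $status = if ($ep.$prop) { 'OK' } else { 'FAIL' }
        $results += New-Result "Endpoint $prop" $status "$prop = $($ep.$prop)"
    }
}

# 2. Service user: must exist and be enabled. An expiring password is only a
#    warning, because it is acceptable as long as the password is kept up to date.
try {
    $u = Get-ADUser -Identity $ServiceAccount -Properties PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'
    $results += New-Result 'Service account enabled' $(if ($u.Enabled) { 'OK' } else { 'FAIL' }) $u.DistinguishedName
    if ($u.PasswordNeverExpires) {
        $results += New-Result 'Password expiry' 'OK' 'PasswordNeverExpires is set'
    } else {
        $raw  = $u.'msDS-UserPasswordExpiryTimeComputed'
        $when = try { [datetime]::FromFileTime($raw).ToString('u') } catch { 'not computable' }
        $results += New-Result 'Password expiry' 'WARN' "Computed expiry: $when"
    }
} catch {
    # Get-ADUser throws a terminating error when the identity does not exist.
    $results += New-Result 'Service account' 'FAIL' "Lookup failed: $($_.Exception.Message)"
}

$results | Format-Table -AutoSize
if ($results.Status -contains 'FAIL') { exit 1 }
```

The IFS security roles (IFSApplicationAdmin, AttributeServiceCaller) are assigned in IFS and are not checked by this script.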

Additional requirements for the "Standard M3" installation profile:

  • The IFS server is installed using default settings according to the IFS installation guide, e.g. using http port 9680 and https port 9643.

  • AD FS is installed on the same host and ports and using the same https certificate as IFS.

  • ION has been installed, so that the Person attribute is available in IFS.

To use the SAML Session Provider 1.13 in a cloud environment, your system must meet the following requirements:

  • PingFederate is used as the Identity Provider (IdP).

  • Infor Federation Services Cloud Edition is installed.

  • You have a properties file with the necessary IdP properties, the IFS CE properties and the Base64 encoded IFS client certificate together with the password for the certificate.

For an overview of authentication with SAML and IFS, see Authentication with SAML and IFS.