LS as STS Switch to ADFS - Required by Infor
According to Infor Support (Infor Xtreme), Effective March 1st, 2019, Infor has stopped providing discrepancy corrections and updates for the Lawson Security as Security Token Services (LS as STS) authentication mechanism for providing single sign-on (SSO) services to the Infor Lawson version 10 solution.
Here at ClearSky, we have assisted multiple clients in making the switch. In doing so, we have complied a list of FAQs that you might find worth checking out:
- Will we need to operate on any of our authorization roles?
- No, ADFS does not affect the authorizations of the applications, authorizations will remain the same. Roles are for authorization, not authentication. ADFS affects authentication.
- Will this impact our set up across other Infor Applications?
- Actually, LS as STS is only utilized for Infor Lawson products. AD FS will serve as your access point across all Infor Applications.
- Aren’t we fine if we are on v10.0.9 or lower? Do we need to switch?
- No, although LS as STS can be utilized, no update will be supporting this after March 1st, 2019. Security components within updates will not work with LS as STS, leaving you vulnerable and without support.
- What will the ADFS log in process look like?
- See the visual below for a better look!
- What ADFS versions are supported?
- ADFS 3.0 is certified to work for Ming.le version 11.0; Ming.le 12.0 (Infor OS) supports ADFS 4.0.
- Why do we need ADFS if we already have an existing AD?
- ADFS (Active Directory Federation Services) is different from AD (Active Directory). ADFS will still need to access your AD for authentication.
- How many ADFS servers do we need to provision? What are the hardware requirements?
- You will need to provision one ADFS server for each environment you have (e.g. if you have Test Environment and Production Environment, you will need to provision two ADFS servers). Required hardware/server specification is minimal, and is highly dependent on the number of users in your organization.
- What are the advantages of moving from LS STS to ADFS?
- Fix for the timeout issues inherent in LS STS. There are cases where the timeout is not synchronized across all applications even when explicitly set, thus resulting in various screen issues.
- Lawson will no longer get/process passwords. Authentication will be done BEFORE gh0
- Ease of setting-up two-factor authentication for added security.
- If you decide to host some applications with Infor (e.g. CloudSuite Financials) and keep some on-premise (e.g. Global Human Resource), you can use the same users and authentication to login to both.
- What are the Infor Lawson applications that utilize ADFS?
- LSF, Landmark, Ming.le all use ADFS, with the exception of LBI and MSCM (both of their authentication pass through LSF).