Configure External Lawson to Authenticate Against LDAP Bind

There are a couple of authentication options when it comes to your external Lawson website.  If you want to authenticate using AD FS, you will have to put an AD FS server on the DMZ and make it externally facing.  If that is not an option at your organization, another option is to authenticate using the LDAP Bind.  Even when you implement AD FS for Lawson authentication, some pieces of the application (such as Add-ins) still require LDAP Bind.  So, you can set up your external website to take advantage of that service instead of AD FS.

The first step is to create an SSO domain if you don’t already have one.

Next, you will need to create a new HTTP endpoint with the values:

FQDN – the fully-qualified domain name of your externally facing web server

HTTP Port – the HTTP port your Lawson site uses (can be -1 if you want to disable HTTP)

HTTPS Port – the HTTPS port your Lawson site uses

SSO Domain – the LDAP Bind domain from the step above

Next, assign your new endpoint to your LDAP Bind service.  If you are still using LS as STS (as opposed to AD FS) for authentication to Lawson, this service is probably “SSOP”.  Otherwise, it is the service that was set up for LDAP Bind in applications like MS Add-ins or Lawson Security Administrator.

Next, you need to create an endpoint Group.  Give it a meaningful name that will let you know this is the group for external Lawson.

Now, assign your new endpoint to the endpoint group you just created.

Recycle services (or reboot your server), and do your smoke test.  Check the SSOServlet URL to make sure you are presented with the Infor Lawson login screen: