Updating the ADFS Token-Signing Certificates


When the ADFS Token-Signing certificate is updated on the ADFS server, it will have to be imported into Lawson and Infor OS. The networking team should let the Lawson team know when the certificate is being updated in ADFS.

The networking team will need to export the certificate and provide you with the “.cer” file before these tasks can be completed.

Update the Certificate in Lawson

  1. Log on to the Lawson server
  2. Start an ssoconfig -c session
  3. Go to “Manage WS Federation Settings” > “Manage Certificates”
  4. Select “Delete IdP certificate”
    1. Enter the IdP service name for your ADFS configuration
  5. Select “Import IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Provide the full path where you have the token-signing certificate saved

Reboot the server

Update the Certificate in Landmark

  1. Open an LMK command line window
  2. Type in secadm -m
  3. Type the password
  4. Manage WS Federation Settings > Manage WS Federation Certificate
  5. Select “Delete IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Property name is IdPSigningCertificate
  6. Exit
  7. Select “Import IdP Certificate”
    1. Enter the IdP service name for your ADFS configuration
    2. Provide the full certificate path
    3. Property name is IdPSigningCertificate

Update the Certificate in Infor OS

  1. Log into the Infor OS server as the LAWSON user
  2. Double-click on the desktop icon for InforOSManager
  3. Go to Identity providers on the left side
  4. Double-click on the identity provider
  5. Select “From URL” to import the new certificate and metadata
  6. Provide the URL: https://<adfsserver>/federationmetadata/2007-06/federationmetadata.xml
  7. Click “Load”
  8. Make sure the certificates load (there may only be one, but there should be at least one)

Reboot the server