Follow these 6 simple steps to change your password on Infor Cloudsuite.
This is a more in-depth look at the security classes assigned to Landmark Security Roles. To find a better overview of Landmark Security Roles, see our article on “Infor Landmark Security Roles (ST) explained”
| Delivered Class | Access Details |
| BasicProductLineAccess_ST | In conjunction with ProductLineAccess_ST, provides general product line access that all Landmark actors need. |
| InbasketUser_ST | Access to user’s own Inbasket for reviewing and taking action on work items. |
| Lpa_ST | Access to the Infor Process Automation system, including menus in Infor Rich Client. All IPA users need this. |
| LpaAdmin_ST | Access to Infor Process Automation administration menu options in Infor Rich Client. |
| JobQueueAccess_ST | Access to the Landmark job queue. |
| ProcessAutomationProxy_ST | Access to business classes related to proxy assignments |
| ProcessDesigner_ST | Access to the business classes that the Infor Process Designer tool needs. |
| ProcessSchedulingAllAccess_ST | Provides read, write access to IPA triggering features. |
| ProcessServerAllAccess_ST | Provides read, write access to all IPA features. |
| ProcessServerReadAccess_ST | Provides read access to all IPA features |
| ProductLineAccess_ST | In conjunction with BasicProductLineAccess_ST, provides general product line access that all Landmark actors need. |
| ScheduledActionsAccess_ST | Provides the ability to schedule Landmark actions. |
| ConfigConsoleSecurityAdmin_ST | Provides all access to the Landmark Configuration Console. |
From time to time you may get inquiries from a client’s audit team about Landmark Security Roles. This overview table helps explain their uses assuming no modifications were made to them by the organization or Infor. To see a more in-depth understanding of Landmark classes, see our article: “Infor Landmark Security Classes (ST) explained”
| Delivered role | Intended for use by | Contains these security classes |
| InbasketUser_ST | Normal end-users who receive work items in the Inbasket | BasicProductLineAccess_ST
ProductLineAccess_ST InbasketUser_ST Lpa_ST ProcessSchedulingAllAccess_ ST |
| JobQueueServer_ST | Users who must perform actions on the Landmark job queue. | BasicProductLineAccess_ST
ProductLineAccess_ST JobQueueAccess_ST |
| ProcessDesigner_ST | Process developers | BasicProductLineAccess_ST ProductLineAccess_ST
Lpa_ST ProcessDesigner_ST ProcessSchedulingAllAccess_ ST |
| ProcessServerAllAccess_ST | IPA system administrators | BasicProductLineAccess_ST ProductLineAccess_ST
Lpa_ST LpaAdmin_ST ProcessServerAllAccess_ST ProcessSchedulingAllAccess_ ST ScheduledActionsAccess_ST |
| ProcessServerReadAccess_ST | IPA assistant administrators, power users, developers (depending on policies at
your site) |
ProductLineAccess_ST
ProcessServerReadAccess_ST |
| Not delivered through a role. Assign the class to any role for users who need to assign proxies. | Users who need to assign Tasks to other users to cover for them. | ProcessAutomationProxy_ST |
| ConfigConsoleSecurityAdmin_ST | Users who need full access to the Configuration Console. | ConfigAdminAccess_ST
SecurityConfigAccess_ST ConfigConsoleSecurityAdmin_ ST |
If your Lawson Add-ins is not working, check the following:
That’s it! Steps 2 through 4 are examples of Lawson Add-ins in Excel 2010.
Here are 5 things you can check for when seeing what is wrong with Lawson:
So, you have a job failing, possibly a multi-step job and you’ve either ran into the “Cannot process loc” error or something like “Bad File Status 4 7 On File <Filename>”
This isn’t allowing the job to run and or pick lists to be printed.
The OE-RUN-STATUS values are:
0 – No processing in progress
1- Allocation Feedback Running (WH110)
2- Pick List Print Running (WH130, WH131)
3 – Picking Feedback Running (WH132 – Feedback step 1)
4 – Packing Feedback Running (WH132 – Feedback step 2)
5 – Shipping Feedback Running (WH132 – Feedback step 3)
6 – Ic Reorder Running (IC140, IC141, IC142) The IT Team can use command such as tmmon to verify.
Good luck!
The Lawson Form Transaction node is used to create AGS calls to make updates to Lawson Forms. If you already have an AGS call built, you can simply put it in the property window of the node. You can also build an AGS call from scratch by clicking the “Build” button and going through the Wizard. The connection should already be using your Infor Lawson configuration set, but you can set that explicitly if desired. For this node to work, it is important that you have the Infor Lawson tab configured in your “main” configuration set in Landmark/IPA. You can get more information on how to do that here.
In the Build wizard, select your product line, the module, and the token where you are making updates. The Method(s) available to that token will be all the methods available to the token in Lawson portal.
Move over the field(s) that you want to update. Make sure you include the fields that are required on the form. If you are making a change, make sure you include the key fields and their values for the item you are changing. The Value can be a hard-coded value, or a variable available to the node.
Click finish when you have filled in all your desired fields. The AGS call will now appear in the property window.
The Resource Query node can be used to query Lawson user (RM) data in Lawson Security. This node can be especially useful for automated user functions, such as onboarding and offboarding.
To start a query, click “Build” on the properties screen.
Select the RM Object and the Service that you want to use and click “Get Attributes”. Choose the Attributes that you want to retrieve from each user’s record. Then click “Next” to select the search criteria.
You can choose users based on their Resource (RM) data or Services, or both.
Once you click finish, the query should be built in the properties window.
There are a couple of authentication options when it comes to your external Lawson website. If you want to authenticate using AD FS, you will have to put an AD FS server on the DMZ and make it externally facing. If that is not an option at your organization, another option is to authenticate using the LDAP Bind. Even when you implement AD FS for Lawson authentication, some pieces of the application (such as Add-ins) still require LDAP Bind. So, you can set up your external website to take advantage of that service instead of AD FS.
The first step is to create an SSO domain if you don’t already have one.
Next, you will need to create a new HTTP endpoint with the values:
FQDN – the fully-qualified domain name of your externally facing web server
HTTP Port – the HTTP port your Lawson site uses (can be -1 if you want to disable HTTP)
HTTPS Port – the HTTPS port your Lawson site uses
SSO Domain – the LDAP Bind domain from the step above
Next, assign your new endpoint to your LDAP Bind service. If you are still using LS as STS (as opposed to AD FS) for authentication to Lawson, this service is probably “SSOP”. Otherwise, it is the service that was set up for LDAP Bind in applications like MS Add-ins or Lawson Security Administrator.
Next, you need to create an endpoint Group. Give it a meaningful name that will let you know this is the group for external Lawson.
Now, assign your new endpoint to the endpoint group you just created.
Recycle services (or reboot your server), and do your smoke test. Check the SSOServlet URL to make sure you are presented with the Infor Lawson login screen:
There is a common issue that may present itself when installing Distributed Security Package (DSP) for Ming.le. The install will fail when trying to retrieve the trust store from the LSF server, with a message similar to the screenshot below. There will also be exceptions in the LASE logs on the LSF server indicating a certificate issue (“Received fatal alert: certificate_unknown”).
Except from LASE log:
20-04-15 19:58:11:874 12 default.SEVERE authen.SSOServer.run(): SSOServer: Got unexpected exception when processing new secured connection com.lawson.security.server.LawsonNetException: Got exception while writing to connection /172.18.8.58,40001
Stack Trace : com.lawson.security.server.LawsonNetException: Got exception while writing to connection /172.18.8.58,40001
at com.lawson.security.server.AbstractDefaultEventSource.write(AbstractDefaultEventSource.java:299)
at com.lawson.security.server.Connection.<init>(Connection.java:170)
at com.lawson.lawsec.authen.SecuredConnection.<init>(SecuredConnection.java:39)
at com.lawson.lawsec.authen.SSOServer.run(SSOServer.java:180)Caused by:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at com.lawson.security.server.AbstractDefaultEventSource.writeMsg(AbstractDefaultEventSource.java:348)
at com.lawson.security.server.AbstractDefaultEventSource.write(AbstractDefaultEventSource.java:287)
… 3 more
If you come across this issue, you will need to add a line to the lsservice.properties file.
To handle multiple certificate in the keystore when LS as STS (Verify if your SSOP service definition has any of these listed for the PRIMARYTARGETLOOKUP; Use Ldap Binds, Verify passwords in Lawson Security, Use Claim Based, or Kerberos) or “AD FS” is configured, edit LAWDIR/system/lsservice.properties and add the property below.
server.keystore.use.classic=false
In a Federated environment the property needs to be added in federated systems that are configured to use STS or ADFS such as in the Landmark System configuration in the LAENV/system/lsservice.properties file there
Once this line has been added it will not take effect until you stop WebSphere and the LSF environment and then start the LSF environment and start WebSphere.
**NOTE**
If your LSF environment is federated with Landmark you should stop and start landmark after the LSF side of things are back up and running.