Cloud V11 Couldn’t Trigger Delivered IPA Service

,

The other day, we configured the delivered IPA service PurchaseOrderApproval, which is supposed to be triggered by releasing a PO.  We set up the purchasing companies to require approval, and we made sure the buyers used the company defaults.  And still when we would release a PO, the status went to “Released. Not Issued.” instead of “Needs Approval”, and no work units were created.

After verifying all of the settings on the Service Definition and IPA process, we finally realized that the tester did not have any Context Properties attached to her Actor record.  Context Properties are found under the Security menu when you log into CloudSuite Financials under the Administration Console role.  To assign contexts to an actor, choose “Actor Context”.  Search for your actor, and add the necessary context values to the actor.  The value will be your company’s Finance Enterprise Group, a value provided to you by Infor.

Other Authentication Options for Infor Lawson Applications

,

On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications.  The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:

 

What are our other options?

If your organization chooses not to move to ADFS at this time, you have two other temporary options.

  1. Use Kerberos for authentication

Kerberos is another authentication type provided by Windows, and also works with your Active   Directory.  This authentication type is supported in Infor Lawson 10.

 

  1. Stay in an unsupported authentication configuration

As of March 1, 2019, Infor will no longer be releasing Lawson patches that take LS/STS authentication method into account.  This doesn’t mean your current versions of Lawson applications will stop working if you fail to move to ADFS at this time.  It just means that you won’t be able to upgrade past a specific ESP for each product (10.0.9 for Lawson).  When Infor sunsets the product versions that allow LS/STS, you will then be on an unsupported product version.  It is looking like this will happen sometime early 2021.

 

Have more questions? Contact us and setup a free, no obligation call with our installer to answer all your questions.

Five Things You Need to Know About Implementing ADFS For Your Infor Lawson Applications

,

On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications.  The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:

Five Things to Know About Implementing ADFS

Here are some pro tips to help you prepare for your ADFS implementation.

  1. Version compatibility is important

Before you begin your ADFS implementation, it is important that you verify component compatibility.  Check the Lawson compatibility matrix for which version of ADFS is compatible with your versions of Lawson and Ming.le.  You must also verify that the version of ADFS you are installing is compatible with your version of Active Directory.  Additionally, you will need a minimum Windows Server version of 2012R2 on the server that is hosting ADFS and your domain controllers.

 

  1. You might need a new server(s)

The ADFS installation for Infor Lawson applications also requires Infor Federation Services (IFS) to be installed on the same server.  If you are not prepared to host IFS on a shared ADFS server, you will need to stand up a new Windows server dedicated to ADFS/IFS for Infor applications.

 

  1. There will be small changes in user maintenance

ADFS is an authentication method, and user maintenance will change slightly.  For instance, you will be able to disable users right in ADFS rather than having to do it in Lawson Security.  Also, there will be a new identity to maintain in Lawson Security.  When you implement ADFS, you will need to import all your users into IFS.  However, implementing ADFS will not change the user authorization tools.  You will still use Lawson Security Administrator (LSA) or Infor Security Services (ISS) to maintain users and roles, and those roles will work the same.

 

  1. SSL is required for Infor Lawson applications

All of your Lawson web applications must use HTTPS to be able to implement ADFS.  If your web applications are not currently using HTTPS, it is recommended that you make this change prior to implementing ADFS.  You will need to choose a certificate authority (CA) and install certificates at each endpoint.

 

  1. You need a SQL Server to host IFS databases

IFS will create new SQL Server databases, so you will need to have a SQL Server to host those.  You can use a shared database server for this, such as your server that hosts Ming.le data or the server that hosts your Lawson data.

 

Have more questions? Contact us and setup a free, no obligation call with our installer to answer all your questions.

 

Seven Myths About Implementing ADFS For Infor Lawson

,

On March 1, 2019, Infor will no longer support LS/STS authentication configuration for Lawson applications.  The Infor recommended configuration will be to use Active Directory Federation Services (ADFS) for Single Sign-On (SSO) authentication. To learn more about ADFS, check out our other articles on the topic:

What is ADFS?

Active Directory Federation Services is a Single Sign-On service provided by Microsoft.  It runs on Windows Server, and provides users with the ability to sign on with one set of credentials across applications.

How does ADFS work with Lawson?

 

Why change our authentication method?

Although there will be some work up front to modify your configuration from LS/STS to ADFS, using ADFS for SSO authentication is actually beneficial to your organization.  It is more secure because Infor applications will never have access to a user’s password.  It is also a bit easier to maintain your Infor users in ADFS, in that you can enable/disable the users right within Windows instead of having to do it in Lawson Security.  Additionally, implementing ADFS will open up other Microsoft security components, such as two-factor authentication.

 

Busting Myths

There are some common misconceptions revolving around the implementation of ADFS for your Infor Lawson application.  Hopefully these explanations will help dispel the confusion.

MYTH: We can use our organization’s current ADFS installation

Infor Federation Services (IFS) must be installed on the same server as ADFS.  So, you may need to have a dedicated server for ADFS for Lawson.  Also, your Infor Lawson applications cannot be hosted on the same server as ADFS.  If you are installing a new instance of ADFS, make sure that it is compatible with your current version of Active Directory

 

MYTH: We don’t need SSL to implement ADFS

ADFS requires all of your Infor Lawson applications to use SSL (Secure Socket Layer).  You will need to select a Certificate Authority (CA), and install certificates at each web endpoint.  If your current Lawson web applications are not using SSL, you will need to convert them before you begin the ADFS installation/configuration.

MYTH: Our organization has to begin using ADFS for everything

The ADFS implementation is limited to Lawson and does not need to be part of any other application in your organization. A Windows server will host ADFS solely for Lawson and can be segregated to just this specific use without affecting anything else within the organization.

 

MYTH: The change is transparent to users

The look & feel of your Lawson web applications will remain the same, but the way users log in will change.  LS/STS username format is currently “username”.  When you switch to ADFS, users will log in with format “username@domain.com”.  Also, keep in mind that if you have to update to a compatible ESP in any of your applications, there may be some slight changes in what the users see on the forms they use.  Make sure this is done well in advance so the ESP can be tested thoroughly.

 

MYTH: Infor won’t support us after March 1, 2019

As of March 1, 2019, Infor will no longer be releasing Lawson patches that take LS/STS authentication method into account.  This doesn’t mean your current versions of Lawson applications will stop working if you fail to move to ADFS at this time.  It just means that you won’t be able to upgrade past a specific ESP for each product (10.0.9 for Lawson).  When Infor sunsets the product versions that allow LS/STS, you will then be on an unsupported product version.  It is look like this will happen sometime early 2021.

 

MYTH: User maintenance in Lawson Security is going to change

ADFS is an Authentication Method, while Lawson Security is an Authorization Method.  So, you will continue to use Lawson Security Administrator (LSA) or Infor Security Services (ISS) to maintain users and roles.  The ADFS authentication will not impact these roles at all.

 

MYTH: We use IPA, so we will have to update Landmark too

Infor Lawson products are actually the only products that allow LS/STS authentication method.  So, you will not need to make any updates to your Landmark products, including IPA.

Contact us when you are ready for your move to ADFS.  Our expert installers at Nogalis can make the process simple and pain-free.

Adding a custom field to a form using Configuration Console

,

Find the name of the Form and the Business Class that you want to add the field to (Ctrl-Shift-Click on any field on the form)

Log into Rich Client and go to Start > Configure > Application (make sure that you have been granted access to Configuration Console)

Find your Business Class, and click “User Fields” under the class

Click the “blank paper” icon to add a new user field

Give your user field a meaningful name (no numbers or special characters allowed, and the field name must begin with an upper-case letter)

Next, go to configured forms and find the form name that you noted earlier

If this form has never been customized, you may need to click the blank paper icon to add it to the Configured Forms list

Once the form has been added as a configured form, click on the form name, then click “Configure”

Navigate to the location where you want to add the user field

Click the blank paper and select “User Field”

Configure the user field for the form

Click “Save” and verify that the user field is now on your screen

Adding or Replacing Existing SSL CERTS Lawson (WINDOWS)

,

This is a PFX cert.

Start – This is being done on a Lawson LSF server.

  1. Drag the folder with the Cert onto the server you want to apply it to.
    1. Once you do that, make sure you check whether or not the server is running IIS. Typically by searching for IIS Manager or checking services.
  2. Double click the cert file that you dragged onto the server.
  3. Select Local machine:
  4. Specify the file you want to import (should default on the cert you just clicked to run) >> Next
  5. Enter the password for the cert and click next.
  6. Open command prompt as admin and type: start certlm.msc
  7. Under Personal >> Certificates, you should see the new cert you imported: The old one is below the one highlighted in red.
  8. Now go to IIS Manager, Sites >> select WebsiteName and then on right pane select bindings as shown below
  9. Select https binding and edit
  10. Select new cert and click ok
  11. Back in command prompt type: iisreset /restart
  12. Test and you’re done

When applying to Landmark server, we need to run the following commands below (Important to stop and start exactly as shown):

For Mingle in ISS Manager, we need to select the Sharepoint secure site and select bindings.

Adding a report to an existing list in LBI

,
  • First, check the criteria of the report list
  • Go to the Tools tab and select “Reporting Services My Reports”
  • Click on your list name
  • Make note of the filter
  • Some filters use attributes to create lists. If your filter uses an attribute, you would want to add that attribute to your report.
  • The list in this example “hard-codes” report id values, so you need to edit the list rather than the report
  • Get the ID of your report
  • Go back to My Reports and find your report
  • If you don’t see your report listed, try clicking the “All” button at the top to display reports for all users
  • Navigate to your report in the list and click “Details”
  • Make note of the ID
  • Go back to your list and click “Edit List” at the top of the screen
  • Click Filters
  • Add the text “Or (Report Id = ‘<your id>’)
  • Click ‘Append’

Here is an example of how to update attributes for a list that works on attributes:

  • Follow the steps above to find your list name and get the criteria for your list
  • Go to the report that you want to show up in that list
  • Click Details
  • Click Attributes
  • Click Add
  • Select the attribute(s) that are used in the list filter
  • Select the filter value

What is ADFS?

,
There has been a lot of confusion in the Infor client community lately over what ADFS is and what the impact of implementing it will be on the organization as a whole.
Active Directory Federation Services (ADFS) is a Microsoft solution created to facilitate Single Sign-On. It provides user with authenticated access to applications like Lawson without the need to provide the password information to the application.
ADFS manages user authentication through a service hosted between the active directory and the target application. It grants access to application users by using Federated trust. The users can then authenticate their identity through Single Sign-On without having to do so on the application itself. The authentication process is usually as follows:
1) The user navigates to the Lawson URL
2) The unauthenticated user is re-directed to the ADFS service
3) The user signs into ADFS
4) ADFS service authenticates the user via the Active Directory
5) The user is then given an authentication claim (in the form of a cookie) by the ADFS
6) The user is forwarded to the Lawson application with the claim which either grants or denies access based on the federated trust service
Note: The Lawson Server never sees the password information which in the case of external applications (like a cloud implementation) is a lot more secure.
 
What are some drawbacks of implementing ADFS?
 
Although ADFS is a new requirement, it comes with a few small drawbacks that you should consider:
– The additional server license and maintenance – You will need an additional server (likely one per environment) to host ADFS
– ADFS is actually somewhat complex and this new skill set can create a new challenge for smaller clients who aren’t already using ADFS for other applications
– A standard ADFS installation is not all that secure and several steps should be taken to ensure good security. Microsoft provides these best practices recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs
There is also a great free e-book published by Microsoft about claims-based identity and access control: https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff423674(v=pandp.10)
To find out more about ADFS and how it can impact your organization, join our webinars or contact us.

Tips for Formatting Excel CSV File from Infor Process Designer

,

When using IPDesigner to create a .csv file, we ran into four issues with the file output:

  1. Problem: Certain dates appear as ######## and certain numbers convert to scientific notation.
    Solution: Select entire page (ctrl + a) and click Home tab -> Format -> AutoFit Column Width

  2. Problem: Some numbers remain in scientific notation (ex: 1E+12) even after AutoFit Column Width
    Solution: In the FileAccess node, wrap the SQL query variable with quotation marks and put a “=” before it.
    (For example, <!SQLQuery2650_USER_FIELD1> would become =“<!SQLQuery2650_USER_FIELD1>”)


  3. Problem: Strings with commas get split at the comma in a csv file.
    Example in file: The value “Anchin, Block, & Anchin” is getting split into 3 columns as the flow is interpreting the commas as separators.

    Solution: In the FileAccess node, wrap the SQL query variable with quotation marks to include the commas as part of the string.

  4. Problem: Certain number values lose their zeroes at the front when written to csv format.
    Example in file: The values in column C should be 001, 002, etc. instead of 1,2.

    Solution: In the FileAccess node, wrap the SQL query variable with quotation marks and put a “=” before it.
    (For example, <!SQLQuery2650_USER_FIELD3> would become =“<!SQLQuery2650_USER_FIELD3>”)


Before:

 

After:


Install WebSphere Fix Packs

,

Pre-requisites

Download Fix Packs

NOTE: You will need your passport advantage credentials

https://www-01.ibm.com/support/docview.wss?uid=swg27004980#ver85_0

Application Server Fix Pack

Customization Toolbox Fix Pack

WAS Supplements fix pack

Unzip WAS parts 1 & 2 into one directory

Unzip WCT parts 1 & 2 into one directory

Unzip WAS Supp parts 1 & 2 into one directory

Install Fix Pack

Stop WebSphere Services

Open IBM Installation Manager as administrator

Set the repository in File > Preferences (select the location where you saved the fix pack files)

Click ok

Click update

Select all, click next

Accept the license agreements

Click update

Click Finish

Start WebSphere services

Propagate Plug-Ins

WebSphere Console > Servers > Server Types > Web servers

Select web server

Generate Plug-in

Propagate Plug-in

Restart Application Server