Who's On?

	Membership:
	Latest: Brady
	Past 24 Hours: 0
	Prev. 24 Hours: 0
	Overall: 5274

	People Online:
	Visitors: 544
	Members: 0
	Total: 544

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3291
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1375
Roger French	1315
mark.cook	1244

Infor 10.0.4 Upgrade How to choose authentication protocol

5 Replies

1 Subscribed to this topic

27 Subscribed to this forum

Sort:

Author

Messages

Judy Consoli

Veteran Member Send Private Message

Posts: 43

3/12/2014 1:53 PM

We are planning our Infor 10 Upgrade and would like to know from experience what factors helped you choose Kerberos or LS as STS for your authentication protocol.
We run on AIX 7.1 platform and will be using Landmark for Process Flow. We are currently in production with LSF9.0.1.11 and Applications 9.0.1.5 and our users are on LASE security.
We use ESS/MSS and RQC service centers. We use ProcessFlow extensively.

Thanks for you insight.

Judy Consnoli

John Henley

Posts: 3351

3/12/2014 8:02 PM

It depends

Since you're on a Unix platform, and assuming you're not planning to implement any other Infor products (e.g. CPM, XM, etc.), then LS as STS is your best choice.
If you're implementing ANY "non-Lawson" Infor product (i.e. a product that doesn't utilize LSF or Landmark for authentication), then you have to use Kerberos.

Jimmy Chiu

Veteran Member Send Private Message

Posts: 641

4/11/2014 11:02 PM

I was told Infor will be adding ADFS/IFS authentication as third option for Lawson authentication. It will be awesome if they do that.

Anna Perez

Basic Member Send Private Message

Posts: 4

5/2/2014 5:53 PM

Hi Judy,

We use STS because, as John noted, we currently use only Infor-Lawson products on v10.

I can speak from experience that STS is much simpler to configure and maintain than Kerberos and I honestly can't think of any benefits to using Kerberos over STS. If you want to see the installation and configuration of STS, check out KB 1414827 on InforXtreme.

Have a great weekend!
Anna Perez

Bob Canham

Veteran Member Send Private Message

Posts: 217

5/5/2014 3:55 PM

One factor in our decision to use STS was that we were told if you have employees accessing ESS from home (direct, no vpn or citrix), Kerberos won't work.

John Henley

Posts: 3351

5/9/2014 5:14 PM

Posted By Bob Canham on 05/05/2014 11:55 AM
One factor in our decision to use STS was that we were told if you have employees accessing ESS from home (direct, no vpn or citrix), Kerberos won't work.

Good point. Kerberos requires that the computer "domain accessible" (not necessarily joined to the domain), so without a VPN connection, it would probably be difficult if not impossible to implement and support.

Expect that future direction for LSF and Workspace/Ming.le authentication will include ADFS as an option; ADFS is used extensively in cloud (e.g. Microsoft Azure) as a way of extending your AD outside traditional Windows domain boundaries.