PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 01/05/2019 8:58 PM by  Alex Tsekhansky
ADFS requirements
 20 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Greg Moeller
Private
Private
Veteran Member
(3949 points)
Veteran Member
Posts:1403


Send Message:

--
12/18/2018 10:40 AM
    Is anyone else having a difficult time making the ADFS  requirement(s) by April of next year?

    We are a pretty technically advanced company, and with everything coming at us, I think we are going to be hard-pressed to make the date.

    Yes, I realize, that the date is just a "we aren't going to support it anymore" date, but if the webinar was correct in saying that any updates that you take could potentially break your system after that date...    if we need an update, and it includes a security component, can we afford to risk it? 

    We've gotten quotes from Infor to do the work, and they are astronomical...   can a company just decide to implement an ADFS solution, and give ALL of their customers just 3 months to comply with them?  Seems a bit unrealistic (at the very least) to me.

    JimY
    Private
    Private
    Veteran Member
    (1219 points)
    Veteran Member
    Posts:437


    Send Message:

    --
    12/18/2018 12:14 PM

    We are in the process of finalizing a contract with a company to make the change for us. They are less expensive than Infor. We had Infor for another project and we were not happy with their performance. We have known about this since the middle of the year so it has been out there for a while.

    Kwane McNeal
    Private
    Private
    Veteran Member
    (1296 points)
    Veteran Member
    Posts:432


    Send Message:

    --
    12/18/2018 12:22 PM
    Greg,
    The requirement has been out there for about 9 months now. There are plenty of providers (me included) who can do it for less than Infor.

    Let me know if you would like to discuss more, or like some guidance.

    Kwane
    505-433-7744
    Greg Moeller
    Private
    Private
    Veteran Member
    (3949 points)
    Veteran Member
    Posts:1403


    Send Message:

    --
    12/18/2018 1:33 PM
    Please excuse my earlier vent/rant.
    John Henley
    Private
    Private
    Senior Member
    (9680 points)
    Senior Member
    Posts:3244


    Send Message:

    --
    12/18/2018 3:20 PM
    Rants always welcome here...
    As Kwane points out, there are alternatives other than Infor — most of the partners in the Lawson ecosystem as well as independents.
    Thanks for using the LawsonGuru.com forums!
    John
    Survivor
    Systems Analyst
    Hospital
    Veteran Member
    (240 points)
    Veteran Member
    Posts:114


    Send Message:

    --
    12/21/2018 1:38 PM
    I certainly understand Greg's struggle. As much as you can say that there was advanced warning, the announcement did not fit well into the budget cycle for some organizations. Some needed to budget this months before the announcement was made in order to fit into their fiscal year. I was curious how others deal with this.
    Leonard Courchaine
    Private
    Private
    Veteran Member
    (143 points)
    Veteran Member
    Posts:55


    Send Message:

    --
    12/21/2018 2:16 PM
    I say AMEN to Greg's 'rant/vent'!!! Yes, we knew about it earlier in the year but didn't know how big it was until well after we started switching our DEV environment. Then the alleged 'training' session (Glenn R is most awesome trainer but I think he got sucked into doing the session to make the change seem more legitimate!) a couple weeks ago was kind of a joke and very late, given all it's taking to do and the cost. Training should mean we can then do it. But at least a dozen times in the training we were told "Don't do this on your own!" And it's not cheap. We're using an Infor partner (who we love! Seriously!) which is much less than ICS I'm sure. We *hope* to finish by the deadline but likely won't.

    Shame on Infor for doing this the way they did. Kinda shows a lack of appreciation/understanding for the real world of their on-premise customers. And I hear the date isn't shifting. So you're not alone. Maybe we'll move to the cloud before then (ha ha)!
    Lenny (lc@choa.org)

    John Henley
    Private
    Private
    Senior Member
    (9680 points)
    Senior Member
    Posts:3244


    Send Message:

    --
    12/21/2018 3:06 PM
    Lenny, thanks for that feedback--very helpful! And for everyone involved, would you share the name of the Infor Partner you are using?
    Thanks for using the LawsonGuru.com forums!
    John
    Leonard Courchaine
    Private
    Private
    Veteran Member
    (143 points)
    Veteran Member
    Posts:55


    Send Message:

    --
    12/21/2018 3:20 PM
    We're using AVAAP. They're helping us wade through the mire. We're *always* happy with them. (I hope I'm allowed to say that in this forum)
    John Henley
    Private
    Private
    Senior Member
    (9680 points)
    Senior Member
    Posts:3244


    Send Message:

    --
    12/21/2018 3:25 PM
    Posted By Leonard Courchaine on 12/21/2018 3:20 PM
    We're using AVAAP. They're helping us wade through the mire. We're *always* happy with them. (I hope I'm allowed to say that in this forum)

    Of course, that's why I asked

    Thanks for using the LawsonGuru.com forums!
    John
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1296 points)
    Veteran Member
    Posts:432


    Send Message:

    --
    12/21/2018 3:27 PM
    Lenny,
    I’ll say it with you. Diraj and his team worked very hard to build a solid firm, and has done a good job. The fact your organization is always happy with them, says they were successful.

    They have are a solid team over there.

    Joe O'Toole
    Private
    Private
    Veteran Member
    (799 points)
    Veteran Member
    Posts:311


    Send Message:

    --
    12/21/2018 5:31 PM
    Greg, I am not a fan of how Infor handled the ADFS debacle either. Yes it was announced a while ago but nobody (including Infor IMHO) had a thorough understanding of the process or impact on IT infrastructure. We have no ADFS presently so jumped on the research bandwagon early on and initially got ridiculous quotes to do the implementation (months vs days). I was just at our local MRLUG user group meeting and was shocked by how many customers were either still unaware of the deadline or indifferent to being in an unsupported position (however unlikely an authentication related bug fix request would be). In any case, we are scheduled to be live before the end of January so I'll keep everyone posted on how things go.
    DeannaP
    Information Systems
    Private
    Basic Member
    (32 points)
    Basic Member
    Posts:14


    Send Message:

    --
    01/02/2019 8:51 AM
    We were told by Infor we didn't need to be concerned with this move until we were on LSF 10.0.10 - LS STS Authentication is being sunset after v10.0.9.  Is this not correct??
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1296 points)
    Veteran Member
    Posts:432


    Send Message:

    --
    01/02/2019 9:11 AM
    Deanna,
    No that isn’t completely correct. While it is TECHNICALLY correct, it isn’t supported.

    TECHNICALLY, if you don’t anticipate needing patches for LSF and potentially the S3 business apps, AND if Landmark doesn’t need a CU (especially one that affects the IPA bridge), then yes, you can wait until you need 10.0.10, or some Landmark CU that requires 10.0.10

    BUT

    According to the support notice, you will be out of compliance, and support has no obligation to provide support on an issue after March 1st.
    PBL
    Private
    Private
    Basic Member
    (22 points)
    Basic Member
    Posts:8


    Send Message:

    --
    01/02/2019 12:15 PM
    I was told by a trusted Infor tech resource that LSF patches sometimes contain unadvertised security fixes. Therefore, it is wise to apply LSF patches as they become available, if for no other reason than to patch unknown security holes. From my understanding, any 10.0.9 LSF patches issued after the March 1 date will require ADFS.
    Alex Tsekhansky
    Private
    Private
    Veteran Member
    (234 points)
    Veteran Member
    Posts:78


    Send Message:

    --
    01/03/2019 12:39 PM

    Infor said exactly that on the latest ADFS-related webinar - after March 2019 ANY LSF patches may include fixes that would break LS-as-STS.

     

    So, the only way to remain on 10.0.9 after March 1, would be not patching LSF, LM and related products.

    Jimmy Chiu
    System Analyst
    Federal Government
    Veteran Member
    (1876 points)
    Veteran Member
    Posts:638


    Send Message:

    --
    01/03/2019 10:34 PM
    Even after you migrated to ADFS authentication, there are modules within LSF/LMRK that do not support ADFS, so you will need to configure there modules to use... good old LDAPBIND authentication.



    pbelsky
    Corporate Applications Analyst
    Green Bay Packaging
    Veteran Member
    (227 points)
    Veteran Member
    Posts:79


    Send Message:

    --
    01/04/2019 8:28 AM
    Could you please give more details on the modules which do not support ADFS? Thank you!
    Brian Baglieri
    Practice Director, Managed Services
    Private
    New Member
    (3 points)
    New Member
    Posts:1


    Send Message:

    --
    01/04/2019 10:10 AM

    Lenny,

    Thanks for the good words. I know how difficult it can be to sort through some of the changes that are required over the life cycle of your Lawson system and I'm glad we've been able to partner together and help you to be successful.

    Brian

    Kwane McNeal
    Private
    Private
    Veteran Member
    (1296 points)
    Veteran Member
    Posts:432


    Send Message:

    --
    01/04/2019 10:23 AM
    Brian B,
    I’ve known you as you’ve progressed a number of places, you always do a great job of providing a solid experience to clients.

    Kwane
    Alex Tsekhansky
    Private
    Private
    Veteran Member
    (234 points)
    Veteran Member
    Posts:78


    Send Message:

    --
    01/05/2019 8:58 PM

    ADFS will require special consideration with the following applications (LSF 10/LM 10.1.1 or 11.x):

     

    1. MSCM. By default your handheld users will need to type UPN names when login in. We have tested and approved with Infor alternate solution for that one that will still allow them to use short names.

    2. Rich Client. Users will need to use UPN names.

    3. Old versions of Add-ins

    4. IPA configuration

    5. LBI configuration

    6. Old versions of LSA (if needed)

    7. Two-factor authentication configurations

    You are not authorized to post a reply.