Prev
Next
Forums Infor / Lawson Platforms S3 Systems Administration

Infor 10.0.4 Upgrade How to choose authentication protocol

 5 Replies
 1 Subscribed to this topic
 27 Subscribed to this forum
Sort:
Author
Messages
Judy Consoli
Veteran Member
Posts: 43
Veteran Member
3/12/2014 1:53 PM

    We are planning our Infor 10 Upgrade and would like to know from experience what factors helped you choose Kerberos or LS as STS for your authentication protocol.
    We run on AIX 7.1 platform and will be using Landmark for Process Flow.  We are currently in production with LSF9.0.1.11 and Applications 9.0.1.5 and our users are on LASE security.
    We use ESS/MSS and RQC service centers.  We use ProcessFlow extensively.

    Thanks for you insight.

    Judy Consnoli
    John Henley
    Posts: 3353
    3/12/2014 8:02 PM
      It depends
      Since you're on a Unix platform, and assuming you're not planning to implement any other Infor products (e.g. CPM, XM, etc.), then LS as STS is your best choice.
      If you're implementing ANY "non-Lawson" Infor product (i.e. a product that doesn't utilize LSF or Landmark for authentication), then you have to use Kerberos.
      Thanks for using the LawsonGuru.com forums!
      John
      Jimmy Chiu
      Veteran Member
      Posts: 641
      Veteran Member
      4/11/2014 11:02 PM
        I was told Infor will be adding ADFS/IFS authentication as third option for Lawson authentication. It will be awesome if they do that.
        Anna Perez
        Basic Member
        Posts: 4
        Basic Member
        5/2/2014 5:53 PM
          Hi Judy,

          We use STS because, as John noted, we currently use only Infor-Lawson products on v10.

          I can speak from experience that STS is much simpler to configure and maintain than Kerberos and I honestly can't think of any benefits to using Kerberos over STS.  If you want to see the installation and configuration of STS, check out KB 1414827 on InforXtreme.

          Have a great weekend!
          Anna Perez
          Bob Canham
          Veteran Member
          Posts: 217
          Veteran Member
          5/5/2014 3:55 PM
            One factor in our decision to use STS was that we were told if you have employees accessing ESS from home (direct, no vpn or citrix), Kerberos won't work.
            John Henley
            Posts: 3353
            5/9/2014 5:14 PM
              Posted By Bob Canham on 05/05/2014 11:55 AM
              One factor in our decision to use STS was that we were told if you have employees accessing ESS from home (direct, no vpn or citrix), Kerberos won't work.

              Good point. Kerberos requires that the computer "domain accessible" (not necessarily joined to the domain), so without a VPN connection, it would probably be difficult if not impossible to implement and support.  

              Expect that future direction for LSF and Workspace/Ming.le authentication will include ADFS as an option; ADFS is used extensively in cloud (e.g. Microsoft Azure) as a way of extending your AD outside traditional Windows domain boundaries.
              Thanks for using the LawsonGuru.com forums!
              John