Update ssoconfig service by loading a file

, ,

You might come across the need to update a service or identity configuration in ssoconfig (LSF), especially if you have implemented AD FS and need to update your usernames or service URLs. A quick way to update a ssoconfig service is to load an XML file with the updates. Create and save your XML file, set your environment variables on LSF, then run the command ssoconfig -l <password> <filepath>

Here is the file format for a service and an identity (make sure OVERRIDE is set to true if you are doing an update):

 

<?xml version=”1.0″ encoding=”ISO-8859-1″?>

<BATCH_LOAD FORMAT=”” OVERRIDE=”true”>

  <SERVICE>

<HasCredential>TRUE</HasCredential>

<LoginProcedure>Form based</LoginProcedure>

<ID>DSSOIBITEST</ID>

<SvcEntryAttrList>user,password</SvcEntryAttrList>

<LOGINSCHEME NAME=”Form”>

<PROTOASSERT>Use HTTPS always</PROTOASSERT>

<HTTPURL>https://server.company.com:80/sso/SSOServlet</HTTPURL>

<HTTPSURL>https://server.company.com:443/sso/SSOServlet</HTTPSURL>

<PRIMARYTARGETLOOKUP>Verify passwords in Lawson Security</PRIMARYTARGETLOOKUP>

<LOGIN_RDN/>

<NAMING_ATTR>cn</NAMING_ATTR>

<USERNAMEFIELD>_ssoUser</USERNAMEFIELD>

<PASSWDFIELD>_ssoPass</PASSWDFIELD>

<SERVICEURL>https://server.company.com:443/sso/SSOServlet</SERVICEURL>

<LOGIN_SUBMIT_METHOD>POST</LOGIN_SUBMIT_METHOD>

</LOGINSCHEME>

<IdentityAttrList>user</IdentityAttrList>

<CredentialAttrList>PASSWORD</CredentialAttrList>

     </SERVICE>

</BATCH_LOAD>

 

<?xml version=”1.0″ encoding=”ISO-8859-1″ standalone=”no”?>

<BATCH_LOAD FORMAT=”Opaque” OVERRIDE=”TRUE”>

<IDENTITY SERVICENAME=”SSOP” >

<RDID>lawson</RDID>

<USER><![CDATA[lawson@company.com]]></USER>

</IDENTITY>

</BATCH_LOAD>

 

Convert LBI to SSL

, ,

To convert LBI to use https, the first step is to make sure that you have valid PKCS 12 certificates installed in the Personal and Trusted Root stores on your LBI server. Export your certificate (or have your system admin do it for you) with the public key and private key, and with the full certificate chain.  During the export, provide a password for the certs.

In WebSphere on your LBI server, go to Security > SSL certificate and key management.  Select Key stores and certificates > NodeDefaultKeyStore > Personal certificates. Replace the default certificate with the cert that you just exported. Do the same for the CellDefaultKeyStore (if applicable). Next, under Key stores and certificates again, select the KeyStore and TrustStore, and select “Exchange Signers…”

Add your new certificate from the KeyStore to the TrustStore and Apply. Save the changes. No need to restart your application server yet, we will do that in a bit.

Make sure that your Virtual Hosts contain an alias for the secure port you plan to use. Note that this port must be the WC_defaulthost_secure port under Ports on your Application Server.

In LSF, update your DSP service for LBI to use the new service URL. The service should be set to “Use HTTPS always” and the new service URL should be “https://lbiserver.company.com:port/sso/SSOServlet.

Restart your LSF application server and your LBI application server.

Open your LBI install validator with https://lbiserver.company.com:secureport/efs/InstallValidator and make sure the system URL is set to the new secure URL. Submit the new URL. If the certificates are not valid, you will receive an error message indicating as such. Otherwise, there should be no failed tests.

VendorLaunch Vendor Self-Service Portal

, , ,

As you might have heard, we’ve been working on a fully cloud-based, vendor self service solution for about a year now. We have worked with several customers to create a solution that is simple, intuitive, and brings instant value to any organization dealing with vendors and suppliers. Join us on Thursday June 6th (9am PST) as we do a walk-thru and a public Q&A. The webinar will feature the following modules and functionality:

  • Vendor OnBoarding
  • Vendor Check Requests and Invoice Submissions
  • Purchase Requests
  • Routing, Approvals, Document Management, Audit, Integration, and much more

Download PowerPoint

Destination XL Group Selects Infor to Optimize Customer Engagement

Infor’s newest partnership is with Destination XL Group (DXLG), the industry’s leader in men’s big and tall apparel. This partnership allows DXLG to increase their market share and top line sales, improve customer segmentation and drive state-of-the-art marketing activities. Infor Alliance partner Three Deep Marketing will work alongside DXLG to leverage Infor’s rich breadth of customer engagement solutions to deepen relationships with existing and new customers by better understanding preferences around promotions, pricing and assortment. DXLG will implement Infor CloudSuite CRM, Infor Marketing Resource Management (MRM), Infor Omni-channel Campaign Management (OCM), and Infor Loyalty powered by CrowdTwist to provide relevant communications across all channels. “With Infor’s end-to-end customer engagement solutions, we can understand our customers better, produce rich and deep customer profiles and drive incredibly smart segmentation to connect and engage with our customers in a more meaningful and targeted way,” said Jim Davey, CMO of Destination XL Group. Infor’s Retail division now supports more than 2,500 global fashion, retail, and grocery brands that work to modernize operations by taking advantage of the latest consumer and business technologies — mobile, social, science and cloud.

 

For Full Article, Click Here

Configure LBI for ADFS

, ,

When you configure LSF for ADFS, you will need to make some changes to your LBI configuration so that users will be able to access LBI with the userPrincipalName.

The first thing you need to do is ensure that you have a user in Lawson security where RMID = SSOP = UPN (userPrincipalName).  The RM User that is used to search LSF for LBI users must have an account where RMID and SSOP match.  It is recommended that you have a new AD user created for this purpose (such as lbirmadmin).

Add the new user to Lawson, ensuring that their ID and SSOP values both use UPN.  Also make sure the new user is in the appropriate LBI groups for LBI access.

The next change will take place in the sysconfig.xml file located in <LBI install directory>/FrameworkServices/conf.  The ssoRMUserid should be the UPN of your LBI user mentioned above.  After you make these changes, restart the application server, clear the IOS cache in Lawson, and try logging into LBI.

500 Error in DSP Applications

,

If you update your LSF core technology, and subsequently find that your SSO applications (such as LBI or MSCM) produce a 500 service error, you probably need to update your DSP install on the host server for the SSO application.  Please see our article archive for instructions on how to update and reconfigure DSP.

If you get a “NoClassFoundError”, you may need to add a new class path to your JVM properties in WebSphere.  Figure out which class is missing and add the path to the JVM properties, then restart your application server and check to see if the issue is resolved.

Seven Signs Your Business Should Move To A New CRM System

Nothing makes an organization run more smoothly than the right Customer Relationship Management (CRM) system. However, you must regularly evaluate if your current system is doing the job for your growing company. Barrett Cordero, President of BigSpeak, a leading global speakers bureau, recently learned that their CRM system needed updating. He shares seven signs below that you should look for to know when it’s time for you to update your CRM system to something better.

  1. It’s unreliable – If your CRM used to work perfectly but now can’t be relied on 99% of the time, it’s time to switch systems.
  2. It doesn’t do mobile – If you can’t access your CRM by phone, you miss opportunities.
  3. It doesn’t integrate with other software systems – integrating with other systems (sales, contracts, websites) is a huge time saver.
  4. It’s user unfriendly – friendly deisgn makes for quick and easy navigation (again, saving time).
  5. It doesn’t work well across departments – If your CRM works well for one department but bad for others, then it’s bad for your entire company.
  6. It doesn’t have growth potential – If your CRM doesn’t have the potential to grow with your company, then it’s time to find the kind of CRM that can grow with you.
  7. It’s all you talk about – When you reach this stage, it’s time to do the research, take the leap and spend some time getting a new system in place.

It may take a while to realize you need to change your CRM system. But when you first notice it, take immediate action and start finding a newer and better system to help your business go further.

 

For Full Article, Click Here

Web Page errors when logging into IFS

, ,

If you see some error messages when you first open IFS (similar to the message below), make sure that all components of the Application Server have been installed.

These are installed in the Server Management area > Add Roles and Features.  The Application Server role is delivered with PowerShell commands that are required for IFS to run.

 

Update DSP for LBI

, ,

If you have installed a new DSP for your LBI server, it is very simple to point LBI to the new DSP install.

First, update the sysconfig.xml file located at <LBI Install Directory>/FrameworkServices/conf.  Look for the old DSP name and update it with the new name.  Then, be sure to change the class paths in WebSphere > Your Application Server > Java and Process Management > Process Definition > Java Virtual Machine.  Also, update the Custom Properties at the same location.

Restart the application server.

 

 

How are Recurring Journal Entries Approved?

, ,

When you journalize a Recurring Journal Entry, it goes through the standard JE approval flow. There is no delivered flow that looks at the Recurring Journal.

If you want the Recurring Journal Entry to be approved once when it is created and not approved each time it is journalized, a Custom IPA will need to be created to do that.

If you want changes on the Recurring Journal Entry to be re-approved when generated, make sure your custom trigger kicks off the IPA every time the Recurring Journal Entry is released.

You may then want to modify your JE approval flow to exclude transactions with the RJ system code since it was already approved – both initially and when it was changed.