ADFS requirements

Sort:
You are not authorized to post a reply.
Author
Messages
Greg Moeller
Veteran Member
Posts: 1498
Veteran Member
    Is anyone else having a difficult time making the ADFS  requirement(s) by April of next year?

    We are a pretty technically advanced company, and with everything coming at us, I think we are going to be hard-pressed to make the date.

    Yes, I realize, that the date is just a "we aren't going to support it anymore" date, but if the webinar was correct in saying that any updates that you take could potentially break your system after that date...    if we need an update, and it includes a security component, can we afford to risk it? 

    We've gotten quotes from Infor to do the work, and they are astronomical...   can a company just decide to implement an ADFS solution, and give ALL of their customers just 3 months to comply with them?  Seems a bit unrealistic (at the very least) to me.

    JimY
    Veteran Member
    Posts: 510
    Veteran Member

      We are in the process of finalizing a contract with a company to make the change for us. They are less expensive than Infor. We had Infor for another project and we were not happy with their performance. We have known about this since the middle of the year so it has been out there for a while.

      Kwane McNeal
      Veteran Member
      Posts: 479
      Veteran Member
        Greg,
        The requirement has been out there for about 9 months now. There are plenty of providers (me included) who can do it for less than Infor.

        Let me know if you would like to discuss more, or like some guidance.

        Kwane
        505-433-7744
        Greg Moeller
        Veteran Member
        Posts: 1498
        Veteran Member
          Please excuse my earlier vent/rant.
          John Henley
          Senior Member
          Posts: 3348
          Senior Member
            Rants always welcome here...
            As Kwane points out, there are alternatives other than Infor — most of the partners in the Lawson ecosystem as well as independents.
            Thanks for using the LawsonGuru.com forums!
            John
            ALB
            Veteran Member
            Posts: 130
            Veteran Member
              I certainly understand Greg's struggle. As much as you can say that there was advanced warning, the announcement did not fit well into the budget cycle for some organizations. Some needed to budget this months before the announcement was made in order to fit into their fiscal year. I was curious how others deal with this.
              Leonard Courchaine
              Veteran Member
              Posts: 55
              Veteran Member
                I say AMEN to Greg's 'rant/vent'!!! Yes, we knew about it earlier in the year but didn't know how big it was until well after we started switching our DEV environment. Then the alleged 'training' session (Glenn R is most awesome trainer but I think he got sucked into doing the session to make the change seem more legitimate!) a couple weeks ago was kind of a joke and very late, given all it's taking to do and the cost. Training should mean we can then do it. But at least a dozen times in the training we were told "Don't do this on your own!" And it's not cheap. We're using an Infor partner (who we love! Seriously!) which is much less than ICS I'm sure. We *hope* to finish by the deadline but likely won't.

                Shame on Infor for doing this the way they did. Kinda shows a lack of appreciation/understanding for the real world of their on-premise customers. And I hear the date isn't shifting. So you're not alone. Maybe we'll move to the cloud before then (ha ha)!
                Lenny (lc@choa.org)

                John Henley
                Senior Member
                Posts: 3348
                Senior Member
                  Lenny, thanks for that feedback--very helpful! And for everyone involved, would you share the name of the Infor Partner you are using?
                  Thanks for using the LawsonGuru.com forums!
                  John
                  Leonard Courchaine
                  Veteran Member
                  Posts: 55
                  Veteran Member
                    We're using AVAAP. They're helping us wade through the mire. We're *always* happy with them. (I hope I'm allowed to say that in this forum)
                    John Henley
                    Senior Member
                    Posts: 3348
                    Senior Member
                      Posted By Leonard Courchaine on 12/21/2018 3:20 PM
                      We're using AVAAP. They're helping us wade through the mire. We're *always* happy with them. (I hope I'm allowed to say that in this forum)

                      Of course, that's why I asked

                      Thanks for using the LawsonGuru.com forums!
                      John
                      Kwane McNeal
                      Veteran Member
                      Posts: 479
                      Veteran Member
                        Lenny,
                        I’ll say it with you. Diraj and his team worked very hard to build a solid firm, and has done a good job. The fact your organization is always happy with them, says they were successful.

                        They have are a solid team over there.

                        Joe O'Toole
                        Veteran Member
                        Posts: 314
                        Veteran Member
                          Greg, I am not a fan of how Infor handled the ADFS debacle either. Yes it was announced a while ago but nobody (including Infor IMHO) had a thorough understanding of the process or impact on IT infrastructure. We have no ADFS presently so jumped on the research bandwagon early on and initially got ridiculous quotes to do the implementation (months vs days). I was just at our local MRLUG user group meeting and was shocked by how many customers were either still unaware of the deadline or indifferent to being in an unsupported position (however unlikely an authentication related bug fix request would be). In any case, we are scheduled to be live before the end of January so I'll keep everyone posted on how things go.
                          DeannaP
                          Basic Member
                          Posts: 15
                          Basic Member
                            We were told by Infor we didn't need to be concerned with this move until we were on LSF 10.0.10 - LS STS Authentication is being sunset after v10.0.9.  Is this not correct??
                            Kwane McNeal
                            Veteran Member
                            Posts: 479
                            Veteran Member
                              Deanna,
                              No that isn’t completely correct. While it is TECHNICALLY correct, it isn’t supported.

                              TECHNICALLY, if you don’t anticipate needing patches for LSF and potentially the S3 business apps, AND if Landmark doesn’t need a CU (especially one that affects the IPA bridge), then yes, you can wait until you need 10.0.10, or some Landmark CU that requires 10.0.10

                              BUT

                              According to the support notice, you will be out of compliance, and support has no obligation to provide support on an issue after March 1st.
                              PBL
                              Basic Member
                              Posts: 9
                              Basic Member
                                I was told by a trusted Infor tech resource that LSF patches sometimes contain unadvertised security fixes. Therefore, it is wise to apply LSF patches as they become available, if for no other reason than to patch unknown security holes. From my understanding, any 10.0.9 LSF patches issued after the March 1 date will require ADFS.
                                Alex Tsekhansky
                                Veteran Member
                                Posts: 92
                                Veteran Member

                                  Infor said exactly that on the latest ADFS-related webinar - after March 2019 ANY LSF patches may include fixes that would break LS-as-STS.

                                   

                                  So, the only way to remain on 10.0.9 after March 1, would be not patching LSF, LM and related products.

                                  Jimmy Chiu
                                  Veteran Member
                                  Posts: 641
                                  Veteran Member
                                    Even after you migrated to ADFS authentication, there are modules within LSF/LMRK that do not support ADFS, so you will need to configure there modules to use... good old LDAPBIND authentication.



                                    pbelsky
                                    Veteran Member
                                    Posts: 80
                                    Veteran Member
                                      Could you please give more details on the modules which do not support ADFS? Thank you!
                                      Brian Baglieri
                                      New Member
                                      Posts: 1
                                      New Member

                                        Lenny,

                                        Thanks for the good words. I know how difficult it can be to sort through some of the changes that are required over the life cycle of your Lawson system and I'm glad we've been able to partner together and help you to be successful.

                                        Brian

                                        Kwane McNeal
                                        Veteran Member
                                        Posts: 479
                                        Veteran Member
                                          Brian B,
                                          I’ve known you as you’ve progressed a number of places, you always do a great job of providing a solid experience to clients.

                                          Kwane
                                          Alex Tsekhansky
                                          Veteran Member
                                          Posts: 92
                                          Veteran Member

                                            ADFS will require special consideration with the following applications (LSF 10/LM 10.1.1 or 11.x):

                                             

                                            1. MSCM. By default your handheld users will need to type UPN names when login in. We have tested and approved with Infor alternate solution for that one that will still allow them to use short names.

                                            2. Rich Client. Users will need to use UPN names.

                                            3. Old versions of Add-ins

                                            4. IPA configuration

                                            5. LBI configuration

                                            6. Old versions of LSA (if needed)

                                            7. Two-factor authentication configurations

                                            You are not authorized to post a reply.