infor.com
concierge
infor u
developer portal
Home
Groups
Lawson - Technology Customer Community [READ ONLY]
Lawson V10 from home
todd-brown
Sorry if this has been discussed already, but while attending Inforum this month we were in a session and a discussion broke out regarding being able to use Ming.le/Sharepoint from outside our firewall. In other words can employees access ESS from home without first connecting to our local domain, etc. If I heard correctly this is an issue with Sharepoint and something different/special needs to be done to allow this to happen? Anyone dealt with this issue for V10?
Find more posts tagged with
Infor Lawson Technology Group - Discussion
Comments
robert-canham
You can do it, but only if you are using their STS authentication method rather than Kerberos. This was a hangup for us as well. But as I understand it, as long as you aren't using any other Infor applications, the STS will work.
tom
Does the ESS access from home prevent back office users access to their back office applications from home as well? We are looking for a solution that allows ESS from home but prevents back office access. We currently allow back office use from home to approved users who have been approved for VPN access. We don't want to globally allow all back office users access from outside of the office.
todd-brown
Not sure I know what STS or Kerberos method is
robert-canham
The ESS access does not prevent access to back office applications if you just expose the Ming.le framework to the outside. If you want to be able to do this, the only way I know how is to create your own framework for ESS and link in the html bookmarks.
One other downside to this method is that Ming.le does not support multiple endpoints. We ended up having to route all of our users (back office and ESS) through our DMZ servers.
As for STS and Kerberos, those are the two methods that Lawson has for authentication with Ming.le in v10. Kerberos is the standard Sharepoint authentication which requires you to be on the domain. STS is short for Secure Token Service which is a plugin Lawson created to use the Lawson Security module to control authentication to Ming.le. This bypasses the need to be on the domain, but works only for Lawson.
unknown
Greg, in the session I saw at Inforum they said that you could use an XML file to configure which forms are available externally.
deanna-plant
What Inforum session was this discussed in? I would be interested in viewing Powerpoint when it is published. Thanks
todd-brown
The one I was at was an 'Ask the Experts one' so I doubt there will be a powerpoint since it was all Q&A
unknown
I am pretty sure I heard about it in LAWS-3302 - What's New in Infor Lawson Security. It looked to me like you could set up a separate web server in the DMZ to host a copy of ESS. I don't know if that is just IIS (or Apache) or if you have to do a full SharePoint. You establish domains in Infor Security Services. One domain would be for inside traffic and the other would be for outside traffic. You can configure what functions are accessible to each domain.
[Updated on 9/29/2014 2:00 PM]
unknown
Documentation for what I was describing can be found beginning on page 48 of Infor Security Services Configuration Guide version 10.1.0.x in the section called "Configuring Internet-facing Applications."
[Updated on 9/29/2014 2:23 PM]
cyrus-reyes
It's my understanding that Ming.le/SharePoint in your DMZ is likely to be a big target for those who wish to do your system harm, and is not recommended. However, if the need is to provide EMSS access from outside the firewall, that can be done WITHOUT Ming.le. Even on V10, the ESS application(s) will be available by direct link access (think "bookmark URLs"). You can build your own small custom web-page on a stand-alone DMZ web-server or add a page to your external employee portal, with links that point to the various ESS bookmarks. You'll probably have to poke a hole through the firewall for access to your Lawson web-server (NOT the Ming.le server), but it will be less vulnerable.
Hans Mueller
For everyone on this thread... Running Ming.le/Sharepoint external to your organization as the user interface for Lawson 10, without a VPN, is NOT supported by Infor. What is now supported is running ESS/MSS externally on either 901.13+ or 10.0.5+. How to do it is defined in the guide that Nathan indicated above. I will say that this guide has been reviewed internally recently in preparation for this support, and is planned to be republished on Friday this week (11/7) as there were numerous revisions necessary based on work with early adopter customers.
What this new supported solution does is provide an additional layer of security (configurable by the client) to enable external access. It sits on top of LS (in 9 or 10) or LAUA (in 9) to provide an extra level of validation for a user coming in through an external endpoint. This is done through an XML file to indicate which tables and forms you want to expose. Coming in through that external endpoint, the first check is against the rule file, and then the second check is done against the end users regular security role. If both allow access, then access is granted.
But as I said, this only is supported for ESS/MSS access externally without a VPN. This is NOT supported for Ming.le access externally without a VPN.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Popular Tags
Infor Lawson Human Resources Group - Discussion
Infor Lawson Technology Group - Discussion
General Discussions
VISUAL - Enterprise General Discussions
Infor Lawson Supply Chain Management - Discussion
Process Automation (IPA) - General Discussions
Pegasus - Partner General Discussions
Infor Lawson Supply Chain Group - Discussion
Infor Lawson Financials Group - Discussion
Infor EPM Discussions