WS-Trust configuration - HxGN EAM - 12.0.1 - Feature Briefs - Hexagon

HxGN EAM SSO Configuration


WS-Trust is a specification and OASIS standard that uses the secure messaging mechanisms of WS-Security to issue, validate, and renew security tokens. WS-Trust is available when using ADFS or Ping Federate as the IDP, but not with Azure AD or Okta.

WS-Trust Configuration

| Field | Description |
| --- | --- |
| Enable WS-Trust | Select this check box to enable WS-Trust configuration. |
| STS Endpoint | Security token service connection end point for credentials. |
| Identity Provider Type | Ping Federate (PF) or Active Directory (ADFS). If the user selects PF as the Identity Provider Type, the system will set the STS Policy ID field as required. |
| MEX Address | The Message Exchange Address. |
| STS Policy ID | The Policy ID which grants security credential permissions for federated users or roles (required for PF). |
| Qualify User | Sets the userid to <tenant>~<userid> (intended for backward compatibility). |
| Transmit Tenant | Sets the userid to <customerid>_<userid> (intended for backward compatibility). |

The Qualify User and Transmit Tenant check boxes are mutually exclusive. One or the other may need to be selected when connecting to an Infor IDP. For on-premise customers, if WS-Trust has already been configured in the yaml file, these values on the SSO Configuration screen will be the same as the yaml settings. Customers configuring WS-Trust for the first time should not use these settings.

Previously, WS-Trust configuration information was stored in yaml files. It is now stored in the database, so it is tenant-specific. The file-based configuration is still available, but the database settings override the yaml settings whenever database settings are present.

If the WS-Trust configuration values are not set on the SSO Configuration screen, the system will revert to the prior approach of reading these values from the yaml file.

While on-premise customers can use this screen to store the WS-Trust configuration, the SSO Configuration screen will be used in the cloud to make the WS-Trust setting tenant-specific.
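The precedence and field rules above can be audited per tenant before a change goes live. The following is an added example, not HxGN EAM code: the key names, sample values and the whole-record fallback are assumptions, and the https check is an added hardening check rather than a rule stated on this page.

```python
from urllib.parse import urlsplit

# Hypothetical storage keys; the page names the screen fields, not how they are stored.
FIELDS = ("enabled", "sts_endpoint", "idp_type", "mex_address",
          "sts_policy_id", "qualify_user", "transmit_tenant")

def effective_config(db_row, yaml_cfg):
    """Database (per-tenant) settings win; fall back to yaml when none are set.
    Assumption: the fallback applies to the whole record, not field by field."""
    if db_row and any(db_row.get(k) not in (None, "", False) for k in FIELDS):
        return dict(db_row), "database"
    return dict(yaml_cfg or {}), "yaml"

def validate(cfg):
    """Return a list of findings for one effective WS-Trust configuration."""
    findings = []
    if not cfg.get("enabled"):
        return findings
    idp = cfg.get("idp_type")
    if idp not in ("PF", "ADFS"):
        findings.append("idp_type must be PF or ADFS")
    if idp == "PF" and not cfg.get("sts_policy_id"):
        findings.append("sts_policy_id is required for Ping Federate")
    if cfg.get("qualify_user") and cfg.get("transmit_tenant"):
        findings.append("qualify_user and transmit_tenant are mutually exclusive")
    for key in ("sts_endpoint", "mex_address"):
        url = cfg.get(key) or ""
        # Added hardening check: credentials travel to the STS, so expect TLS.
        if url and urlsplit(url).scheme != "https":
            findings.append(f"{key} should be an https URL, got {url!r}")
    return findings

def sts_userid(cfg, userid, tenant="", customerid=""):
    """User ID formats described for the two backward-compatibility check boxes."""
    if cfg.get("qualify_user"):
        return f"{tenant}~{userid}"
    if cfg.get("transmit_tenant"):
        return f"{customerid}_{userid}"
    return userid

# Constructed sample data (hosts and values are placeholders).
YAML_CFG = {"enabled": True, "idp_type": "ADFS", "qualify_user": True,
            "sts_endpoint": "https://sts.example.test/ws-trust"}
DB_ROW = {"enabled": True, "idp_type": "PF", "qualify_user": True,
          "transmit_tenant": True, "sts_endpoint": "http://pf.example.test/sts"}
```

Calling `validate(effective_config(DB_ROW, YAML_CFG)[0])` on the constructed data reports the missing Policy ID, the conflicting check boxes and the non-TLS endpoint.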