How ‘SAML’ Works with M3

SAML – Security Assertion Markup Language

~ It is a protocol for sharing user authentication and feature information ~


SP – Service Provider – This is the role of the SAML Session Provider/Grid. Grid applications provide services that require authentication, and the SAML Session Provider initiates the authentication using the SAML protocol. In AD FS, the Service Provider is called a Relying Party Trust (RPT).

AD FS – Active Directory Federation Services – This is the role of the entity that is responsible for handling authentication against the user repository. In on-premise environments, AD FS (a Microsoft product) has the role of the Identity Provider (IdP).

IFS – Infor Federation Services – This is part of Infor Operating Service (Infor OS). After successful authentication, the IdP retrieves additional attributes for the user from IFS, in particular, Security Roles, which are maintained in IFS. In the SAML standard, the attributes are called claims. Claims may also come from other stores, for example, attributes from the AD.

1. The user accesses a protected grid resource in the H5 application.
2. The grid passes the call internally to the SAML Session Provider. The SAML Session Provider redirects the browser to AD FS.
3. AD FS prompts the user for authentication and the user provides her credentials. The user logs on as jane.doe@example.com.
4. AD FS authenticates the user against the Active Directory.
5. After successful authentication, AD FS retrieves claims for the user from IFS. The Person claim is among these. Jane Doe’s Person claim has the value 12345.
6. AD FS constructs an assertion (a message about the authentication and the user) and provides this to the browser.
7. The browser posts the assertion to the SAML Session Provider.
8. The assertion is validated by the SAML Session Provider. A grid session and a grid user are created, with the user name based on the Person claim. In this case, the name will be 12345.
9. The user has sufficient privileges to access the protected resource and is redirected to the first access point.
10. During use, the H5 application accesses M3 BE on behalf of the user. The grid user name is 12345. This name conforms to the 10 character limitation. The User 12345 has also been configured in M3 BE ‘User.Open’ (MNS150). Therefore, the user can access M3 BE.
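
The checks behind steps 8 and 10, as an added example that is not Infor or AD FS code: once a SAML library has verified the assertion's XML signature, the service provider still has to check issuer, validity window and audience before mapping the Person claim to a grid user name. The claim name "Person", the issuer and audience URLs, the character-set restriction and all helper names are assumptions made for illustration.

```python
# Added example (not Infor or AD FS code): checks a SAML service provider runs on an
# assertion after its XML signature has been verified by a SAML library.
# Assumed/constructed: claim name "Person", issuer and audience URLs, helper names.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_ISSUER = "http://adfs.example.com/adfs/services/trust"  # constructed
EXPECTED_AUDIENCE = "https://grid.example.com/sp"                # constructed
MAX_USER_LEN = 10  # M3 BE user name limit from step 10

# Constructed sample assertion; the ds:Signature element is omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://grid.example.com/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Person">
      <saml:AttributeValue>12345</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised when an assertion fails any check; no session is created."""


def _ts(value):
    # SAML timestamps are UTC xs:dateTime values ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def grid_user_from_assertion(xml_text, now):
    """Return the grid user name (Person claim) or raise AssertionRejected."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise AssertionRejected("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if (root.findtext("saml:Issuer", "", NS) or "").strip() != EXPECTED_ISSUER:
        raise AssertionRejected("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        raise AssertionRejected("missing validity window")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion outside its validity window")
    audiences = [a.text.strip() for a in cond.findall(
        "saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        raise AssertionRejected("assertion issued for another service provider")
    values = [v.text.strip() for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='Person']/saml:AttributeValue", NS)
        if v.text]
    if len(values) != 1:
        raise AssertionRejected("expected exactly one Person claim value")
    person = values[0]
    # Charset restriction is an assumption; the page only states the length limit.
    if not person.isalnum() or len(person) > MAX_USER_LEN:
        raise AssertionRejected("Person claim is not a valid M3 user name")
    return person


if __name__ == "__main__":
    print(grid_user_from_assertion(SAMPLE, datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)))
```

Rejecting the assertion when the Person claim is missing, duplicated or too long keeps the grid from creating a session under a user name that does not match a record in MNS150.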

 

 

reference: https://docs.infor.com

 

MBM Document on PO Release – Status 20

Configure the MBM listener channel

MvxNGIn:

Use this protocol for MBM initiator XML files sent from M3 (Java). Enable the default channel provided by MEC to receive MBM initiator files first. This has to be done in the Partner Admin Tool.

Reloading the MEC Communication Channels in LCM populates the default channel enabled above in the list of available channels.

Gather Information for further configurations:

Server IP : xxx.xxx.xxx.xxx   / Port: xxxx

Configure M3 Control programs

CRS116 – Media format setup

If the MBM media format is not available, generate it via F14 by opening Actions.

MBM should then be available as a media format.

XMLOUT is also technically a stream file, although in XML format. Compared to STREAM, the XMLOUT file only contains control information and keys to the business data, instead of declaring the full set of data. This approach is chosen, since the target with XMLOUT is to utilize event-driven architecture for integration of applications.

This means that M3 only publishes documentation of what has happened. It is up to the receiving application (the output service) to interpret what to do with the event and to create the full content, since that is connected to the interpretation of the event. The way to build up content is then made through the M3 APIs.

Finally, the output service creates the media format out of the content and publishes it through the defined channel. This architecture might seem complicated at first, but it is highly efficient in the long run.

 

MNS218 – Define the output server

Create a new record in MNS218 for the new MEC channel. The server IP and port can be retrieved from LCM.

MNS217 – Define the output service

Create a new record in MNS217 for the XML OUT service type. Set the interface property to XMLOUT.

MNS216 – Map the output server and service type

Define the output service in MNS216. The service type should be the service type you defined in MNS217. The server ID should be the server you defined in MNS218. The port number can be obtained from LCM.

MNS204 – Connect media with output service

Define media settings for user-controlled document output. The output can be distributed as a printout, PDF file, fax or email

Field – Description
Printer file – If this field is left blank, the setup will be valid for all printer files.
Hold output – Specifies whether the output is sent to ‘Output. Manage per Job’ (MNS206) and then held there and not distributed further. This is desirable when testing new output services.
Save output – Specifies whether the output is saved after it is sent to the output service. This acts as an archive function if it does not exist in the output service type software or used for tests.
Confirm output – Specifies whether the output is confirmed or changed in (MNS212) before it is printed.
Media control selection – Connect media control objects from ‘Output Media Selection. Open’ (MNS205) and ‘M3 Document. Connect Media’ (CRS949) to the output service settings.

CRS928 – Define Basic Data for Document Output Management

Basic data includes media codes and how they are related to the technical format of the printer file, output server, output service and its type.

The relationships between the other basic settings are:

  • The media code defines a certain format and way to distribute a document, such as via e-mail. Examples of the technical format of the printer file are *STREAM or *XMLOUT.
  • An output server is the physical server that hosts an output service function.
  • The output service type is a piece of software that can perform one or several output services.
  • The output service definition connects the output server and output service type to a specific output service ID.

For PPS601, the document number is 105.

Field 1 / Field 2 are the control fields for the initiator file. This scenario uses the Supplier Number only.

CRS027 – Generate Documents per Company

Select F14=’Generate standard’ to generate all standard documents for the company you are working in. A simple way to define the documents to use is to generate all and then remove the ones you do not want.

CRS929 – Connect Media to Documents

Define the media support per document number. By connecting a document number to a media code, it is declared that the combination is valid for the company.

Apply the Document no, Document variant and then select the option MBM and click Next.

CRS945 – Connect Media Control Object for Document No 105

Select Std document and press option 12=Media to proceed to ‘Std Document. Connect Media Ctrl Object’ (CRS945/B1)

Enter a media control object and press Create to proceed to the E panel.

Enter a name and description.

Press Enter to finish and return to (CRS945/B1).

Press option 12=Media to proceed to ‘Doc Media Control Object. Connect Media’ (CRS949/B1)

Enter the media code by pressing F4 and selecting a form of media valid for the document.

Press Create

Depending on which form of media you are defining, the E, F, G, H, or J panel will be displayed.

For EDI and MBM, the J panel will be displayed.

Define Media EDI and MBM (J Panel)

  • Apply the Document No and Document variant as per above.
  • Enter the service provider to be used for the output from M3.
  • Enter the identity of the receiver.
  • MBM Initiator values will be used in PAT to identify the detection.
  • Enter whether you want to use a test message (also known as a test flag).
  • Enter whether you want copies of previously printed documents to be printed.
  • Press Enter to finish and return to (CRS949/B1).

Setup the Media Profile for the Supplier – Final Step

  Setup Supplier Media Controller

Open CRS620 Supplier and select a supplier.

Set up the Media Profile as EDI. (This will be activated after the BE restart.)

Create a new PO and Release (Print – Status 20)

In MNS206 there will be two records for the PO Printer file

Output XML

The MBM message will be detected in IEC.

References:

https://docs.infor.com

 

 

Failed to Encode Schema Filename? The solution is to Flatten Multiple Schemas into one File

In MEC development, when you run into an issue where you are not allowed to create a new Map with multiple schemas, you can flatten those schemas into one file.

Step 1: Get the Altova XML Spy external tool installed.

Step 2: Open the root XSD file from the Altova tool.

Step 3: The Schema Design menu has an item called Flatten Schema. Click on it.

Step 4: Export the Output

Perform Sanity Check on Target Groups

In this post, you will learn how to perform a sanity check on your targets. A sanity check helps you with problems that can occur in the detection order due to shadowing.

Step 1:

On Partner Admin Tool, click File > Manage > Detections.

Step 2:

Click the Detection Order tab.

Step 3:

Right-click selected target for the selected group area.

Step 4:

Select the Sanity check. The sanity check will go through the detection order and issue a warning if it finds something suspicious. One of the sanity checks being made is for the occurrence of shadowing.

Step 5:

Move the MVX_S3_R1 target group just above the MVX_S3_R2 target group by dragging and dropping MVX_S3_R1 onto the MVX_S3_R3 target group.

Step 6:

Click Yes in the Confirm Move dialog.

Step 7:

The MVX_S3_R1 target group should now be above the MVX_S3_R2 target group.

Step 8:

Right-click the MVX_S3_R1 target group and select Sanity Check.

Step 9:

A Sanity Check Report is displayed, telling you that MVX_S3_R1 is shadowing the MVX_R3_R2 target group. Click OK.

Step 10:

Move the MVX_S3_R1 target group back to just below the MVX_S3_R2 target group.

Step 11:

Perform a new sanity check to check that everything is ok.

Step 12:

Close the Detection window.

 

 

Reference : MEC Fundamentals Training Workbook

MEC – Message Management

In MEC, a message can flow in one of two directions:

  • Inbound
  • Outbound

From an M3 perspective, data flows either out from M3 or into M3.

From an MEC perspective, the flow is always in the same direction and is independent of the M3 flow of data.

M3 Standard outbound message flow

The M3 standard outbound message flow is about sending documents out from M3 in different formats. In the scenario, when MEC is used as a messaging connector, MEC exposes M3 business logic as XML or Flat File interfaces.

EDI Outbound Message Flow

In the EDI message flow, an application called an EDI broker is added to handle EDI parts of the message flow. The output from MEC in this case is an XML file in EDI format, according to a specific EDI standard. This EDI XML is sent to the EDI message broker that converts the format of the EDI XML file to the final EDI format, usually a Flat File format.

The EDI broker also provides some communication protocols that might be EDI-specific. In the standard EDI offering from Lawson, you will find a couple of supported EDI broker applications that you can choose from. If you want to use the EDI XML file from MEC as output to your partners, you might skip the EDI broker and send the EDI XML file directly from MEC if the communication protocol is supported.

The outbound message flows can be summarized as below

  • The M3 printout program calls the common M3 Output Management (MOM).
  • Document information, partner information and key values (e.g. Order number) are given as input to MOM.
  • MOM checks the values in Media Management.
  • An M3 Business Message Initiator XML document is created.
  • The M3 envelope in the XML document contains information about which printout program, Company number, Division, Customer number etc.
  • The body in the XML document contains information about which data to retrieve, e.g. Order number.
  • M3 Business Message Initiator file is sent to the MEC server according to the media settings in Media management (CRS949 for partners and MNS204 generically).
  • M3 MI-Programs are called from within a MEC Mapping that is executed in. The key values from the MBM Initiator document are used as input.
  • The M3 MI Programs retrieve and process data from the M3 database.
  • The output from the MI Programs is used in the MEC mapping. If necessary, the values are converted, e.g. from Customer number to EAN code.
  • Dates and times are also re-formatted from M3 format to EDI format. MEC creates the output file in XML or Flat File format.
  • The EDI XML file is written to a directory that the EDI broker polls.
  • The EDI broker transforms the XML syntax to EDI syntax and then sends the EDI file to the partner.

EDI Inbound Message

[Figure: Inbound Message Flow]

[Figure: Inbound Message Flow EDI]

 

The inbound message flow can be summarized as follows

  • The EDI broker receives an EDI file from a partner.
  • The EDI broker transforms the EDI syntax to XML syntax.
  • The EDI broker then writes the EDI XML file to a directory that the MEC server polls.
  • M3 MI Programs are called from the MEC Mapping. Which MEC mapping to use is decided by the data in the MEC Partner Administration Tool.
  • The values from the EDI XML document are used as input to the MI Programs. If necessary, the EDI values are converted before the MI Programs are called, for example, from EAN code to Customer number. Dates and times are also reformatted from EDI format to M3 format.
  • The M3 MI Programs process and write data to the M3 database.

Process MEC messages in sequential order (Channel detection)

I got a requirement from a customer to process MEC messages in sequential order (queue). As we are all aware, in MEC with standard partner agreement settings, when we drop multiple files at once, all the files get picked and processed simultaneously. The Poll interval parameter is there and can delay the next file pick depending on the value we define. But we can’t set the parameter value dynamically, hence when the first file’s processing time is longer than the value we define, MEC will pick the second file and start processing.

In the Partner agreement there are many options like Poll interval, Ordered, Batch Size, etc. I tested each setting one at a time, but none of them worked. Finally, I found a solution with the help of Infor Xtreme. The proposed solution has a set of settings, and those worked really well. So, I have explained it below for others who are facing the same trouble as me.

I have set the Poll interval here to 2 minutes, but you can reduce it as you desire. Other settings should be set as above.

The following is the test scenario I tested: drop three files at once, and MEC picked one at a time.

The following capture from LCM demonstrates how MEC processed them sequentially.

Thank you 🙂

Infor Mongoose – Collaborative Development and Source Control

Collaborative Development

Infor Mongoose supports multi-developer environments through its Check-in / Check-out functionality. The developer can lock the form or IDO being worked on so that no one else can change it.

This functionality is available for:

  • Forms Metadata
  • IDO Metadata

For protecting Form related Metadata, ‘Form Control utility’ can be used

  • Form Control Utility

Open Configuration Manager

  • Click on FormControl

Enter the credentials and login

  • Check-out a form
    • Select the required form from the dropdown
    • Make sure the “Check out” option is selected in Actions
    • Click the “Execute Action” button to check-out form

  • Check in a form
    • Go to the “My Checked Out Objects” and select the required form
    • Make sure “Check in” is selected in actions
    • Click on Execute Action

*Protection of IDOs is handled differently from forms. IDO-related forms contain 2 buttons for checking in and out.

Source Control

Infor Mongoose supports external version controlling services to be set-up if needed. Following are the supported source control services.

  • Microsoft Visual SourceSafe
  • Microsoft Team Foundation Server
  • Apache Subversion

 

However the Source controlling in Mongoose doesn’t cover the following items:

  • App Metadata
  • T-SQL code
  • DDLs
  • AES Handlers and actions
  • Table definitions
  • IDO extension class

Setting up source controlling should be done in the Configuration Manager.

  • Source control checkbox should be enabled in FormControl and ObjectsMetadata tabs
  • Source control server can be set in SourceControl tab

 

 

 

 

 

 

 

 

 

 

 

Infor Mongoose – Set Up and Configuration

1. Download Installation Files

  • Mongoose setup files can be downloaded from the Infor Product Download Center
  • The Documentation must be downloaded from Infor Xtreme or Mongoose Portal

2.  Installation

2.1  Prerequisites

The following prerequisites should be met to successfully setup the development environment:

  • One or more machines installed with Windows OS (Windows XP/7/Server 2008/Server 2012)
  • MS SQL Server for Database Server (SQL server 2008R2/ 2012)
  • Visual Studio 2010 for development purposes
  • .NET 4.5 for rendering and XML web services (runtime services)
  • Source Control (Optional)
    • MS Visual SourceSafe 2005 or later
    • MS Team Foundation Server 2010 or later
    • Apache Subversion 1.7.6 or later

2.2  Setting up the Database server

Mongoose requires 2 main databases.

  • Development Database
  • Master Database

Source Control database can be setup optionally

* Mongoose configurations should be created for Dev and Master databases. (steps mentioned in following section)

2.3 Installation

Installation file downloaded is a zipped ISO file. It should be extracted and run.

3. Database creation with Configuration Wizard

Run the Mongoose Configuration Wizard on Database server with administrator privileges.

3.1 Database creation process

  • Provide the database server credentials
  • Database Names Prefix should be provided
  • Best practice: use name of application as Names Prefix

  • Click on Commit to create databases

  • Click Finish to complete

4. Database Configurations with Configuration Manager

  • Run configuration Manager (on the Application Server) with Administrator privileges

  • Click on ‘New’

  • Type the name of the configuration

Fill in the configuration details

  • For ‘Runtime’ tab, define the Application DB and Forms DB
  • Use the details of databases we created earlier using the Mongoose Configuration Wizard

If the application is created for the first time, the application name should be set in the ‘Site’ field above.

*Additional configurations for the Application can be done by clicking the ‘edit’ button

Additional settings for application:

  • This screen will be opened once the ‘edit’ button above is clicked
  • The application name must be set
  • Splash Image, Application icon etc can also be changed here

Similarly, the server details must be setup in the ‘FormControl’ tab

Next, complete the configuration details in ‘Objects Metadata’ tab

  • Click on ‘Set Objects DB Specification’ button and enter the server credentials

5. Adding Web Server Configurations

Go to the Web Servers tab and click on new

Enter a name for the new Web Server

The URL of the Mongoose installed server should be specified here

6.  Concluding the installation

When new configurations are created in Mongoose, the Infor Services have to be stopped and restarted.

*Note: This restart should be done in the Application server

Go to Administrative Tools -> Services

Select the ‘Infor Framework IDO Runtime’ Service

Right-click and restart the service

With this step, the configuration of the application is completed. Open Infor Mongoose and then run the application to test.

Application runs successfully!

How to deploy Super (Script assemblies) Jscripts

Developing scripts using Visual Studio gives a lot of gained productivity when developing and debugging.

But when it comes to deployment, it is a bit different from the standard way. It’s a small thing, but if you’re not aware of how to do it, you will spend more time on it.

Following is the basic way to do it.

Step 1

Right-click the assembly (.dll) and select:

Send To -> Compressed (zipped) folder

 

Step 2

Log in to Infor Smart Office using a sysadmin (e.g. Mvxsecofr) account.

Go to Personalization Manager under Administration Tools

Step 3

Select Data Files tab and change file type to MForms Script.

 

 

This is the most important step: select “Import Zip”.

Finally upload your zipped dll file from saved location.

How to Create a User with Permission

First, log in to the Mongoose environment with user creation and editing permission. For this, it is better to log in as an SA user. In Win Studio, open the ‘Users’ form and execute ‘Filter in Place’ by pressing F4. This queries the database for all user IDs currently registered in the system.

To create a new user profile, press CTRL+N. Then specify the User ID and, optionally, a Password. To save and register the user settings in the system, click the Save button (CTRL+S). The following information must be added in order to grant user-level permissions.

  1. User ID – Required for each user who logs in to the application.
  2. Password – Each user optionally needs a password to log in to an app.
  3. Workstation ID – This information is used to bypass the login information for single sign-on.
  4. Email Address – Allows notifications generated by automated tasks to be sent to the user.
  5. Editing Permission – The editing permission level determines whether users can enter design mode to create or customize forms.
  6. Security Authorization – Used to determine which forms, fields, rows and, for web service sessions, IDOs this user can access, as well as specific permissions for the forms.
  7. Source Control – For users doing development in an environment where the Mongoose source control interface is enabled, specify the source control account this user uses to perform check-in and check-out operations.

Note: To allow access to all components and development environment permissions, select the ‘Super User’ check box.

The following chart explains the 5 possible editing permission levels in Mongoose.

* If the user is not marked as a super user or SA user, the following license modules can be used to grant more permissions.

User Modules – generation link to user module form

Row Authorization – Assigns user-wise form access and form-level editing permission

User Authorization – Assigns user-wise form access and component-level editing permission

Groups – Used to assign users to one or more groups; this is used to develop group-level permissions

Login Information – Allows the user to set additional settings that affect login

E-mail Address – Provides fields to define one or more e-mail addresses related to the user

Source Control – Sets the source control configuration