Infor Technology Blog

« | Main | »

Infor Security Services and Internet Facing Applications

May 6, 2015

By Vinuta Hosur, Senior Software Engineer Product Development

Today most of us work and connect with multiple devices. With concepts such as bring your own device (BYOD) and anytime-anywhere becoming the norm, the need for business applications to be available over the internet is inevitable – users like to be able to access the business applications from any of their devices without having to login to a virtual private network (VPN). Infor Lawson Applications are no exception to this.

Exposing the business applications to the internet increases productivity, however results in the need for added security. Infor Security Services (ISS) achieves this for Infor Lawson Applications by providing the  Domain Authorization feature. This feature not only provides the additional layer of security to the business applications but also the ability to selectively expose only certain parts of the business application to the internet – and it is configurable by the administrators as per their business/information security needs.

Feature Overview


Figure 1: Domain Authorization for External Domain

Domain Authorization layer acts in addition to User Authorization and not in lieu of it. Once the user credentials are validated, domain of the user is determined. Depending on the domain from which the user is accessing the application, an additional layer of access control comes into play – if the user is accessing the application from an external domain (internet), before proceeding to User Authorization, Domain Authorization check is performed based on the rules set by the administrator, which determines whether the object (form, data or executable) being accessed is visible to the external domain. Once it is determined that the application is accessible to the external domain, the system proceeds to check User Authorization.

Domain Rule File Structure

Domain Authorization check is performed based on XML based Domain Rules files. The default rule files for each Infor Lawson Application are bundled with the application. They can be customized as per customer needs.


Figure 2: Sample domain rule file

Rule files are designed to secure various object types such as forms, data and executables with fine grained access control rules at the Domain level. Rule file structure allows for exclusive, inclusive and composite rules to be defined.


Rule File Management from ISS

Once the domains are configured in the system, rule file assignment to domains can be managed using Infor Security Services admin console.


Figure 3: Manage Domain rules from ISS admin console

Rules can be changed, enabled and disabled using the same ISS user interface during runtime – restart of the application is not necessary for changes to take effect. Multiple rule files are assigned per domain, per data area. The XML rule files provided by the applications  and  assigned to a domain should be placed under the directory $LAWDIR\security\domainauth\<domain-name>\. 

Versions Supported


  • Infor Lawson System Foundation (LSF) – or higher and or higher (fully patched)
  • Infor Lawson Portal – or higher
  • Infor Lawson for Ming.le or higher
  • Applications supported as of today:
  • Infor Employee and Manager Self-Service (EMSS) –
  • Infor Lawson Mobile Employee –


Further information on Internet Facing Applications feature can be found in –

  • Infor Employee and Manager Self-Service Administration Guide,
  • Infor Employee and Manager Self-Service Technical Documentation 10.0.x
  • Mobile Employee Reference Guide
  • Infor Security Services Configuration Guide


Using this feature, Infor Lawson customers can securely expose the required parts of Infor Lawson Business Applications to their users on the internet without requiring a VPN.

*Icon made by Freepik from 



Leave a Reply

Your email address will not be published.