PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 2/19/2010 5:55 PM by  Carlotta McCormick
LSF9 Portal max failed login attempts puts error text dump all over web page
 5 Replies
Sort:
You are not authorized to post a reply.
Author Messages
jeremy.zerr
Private
Private
Advanced Member
(55 points)
Advanced Member
Posts:23


Send Message:

--
7/6/2009 9:05 PM
    With our move to LSF9 Portal and the SSO system, we now have the problem that when a user reaches the max number of failed login attempts, we get a pageful of a big servlet error dump.

    No page that says something nice like, "you exceeded the max number of failed login attempts, please call the help desk to reset your password".

    Its about 3 pagefuls of error text starting like this:
    com.lawson.lawsec.authen.SecurityAuthenException:Got exception while binding for oneOfOurLawsonUsers in LDAP.

    This is not considered a bug by Lawson, so we will have to address this ourselves.

    So my question is, does anyone out there know how to customize that error screen?  I can't seem to find what file it is or anything, so any info you have will be useful.  We also don't host our own server, so it makes it impossible for me to just poke around until I find it like I normally would do.

    Any help will be much appreciated.

    Thanks, Jeremy
    Paxson Kabala
    Private
    Private
    Basic Member
    (10 points)
    Basic Member
    Posts:4


    Send Message:

    --
    12/1/2009 2:54 PM

    Hi Jeremy.  We just upgraded to LSF9 and are experiencing the same issue.  Did you get any assistance with this that you can share?

    Much appreciated...

    Paxson

    Annie Lu
    **
    LV
    New Member
    (3 points)
    New Member
    Posts:1


    Send Message:

    --
    2/19/2010 3:22 PM
    Hi Jeremy/Paxson,

    Did you get any response about this issue. We are experiencing the same thing.
    Thanks for the help.
    Annie
    Joe O'Toole
    Private
    Private
    Veteran Member
    (802 points)
    Veteran Member
    Posts:312


    Send Message:

    --
    2/19/2010 5:00 PM
    We had a similar issue when our network admins were doing maintenance on the DC and AD but it was intermittent. Are these local or remote / low bandwidth users? Does your network admin have auto unlock set or do you leave accounts locked indefinitly? Could it be possible that LSF is not getting timely enough response from AD or the account satus is out of date?
    jeremy.zerr
    Private
    Private
    Advanced Member
    (55 points)
    Advanced Member
    Posts:23


    Send Message:

    --
    2/19/2010 5:21 PM
    We're on 8.0.3 apps, Lawson has said that this problem is fixed in version 9 of apps, which is why they won't do anything about it. We have our servers hosted, so we don't have a lot of control about what is going on with the server either. It happens to everyone when they exceed their max login attempts.

    I've designed a client-side method to work around it, but haven't implemented it yet because it is pretty invasive with code in login.js and portal.js, basic premise is to attempt to track the number of failed login attempts client side using a cookie, popup warning messages when people are approaching the max login attempt fails, and prevent them exceeding the max by preventing the next post to the server and handling it client side with an alert box to call a help desk to reset password along with code that prevents the form from being submitted that would cause the jumbled mess of an error to show. Its definitely not failproof, but still a lot better than what we are dealing with now.

    Jeremy
    Carlotta McCormick
    Private
    Private
    Basic Member
    (15 points)
    Basic Member
    Posts:7


    Send Message:

    --
    2/19/2010 5:55 PM
    Jeremy: We're hosted, and on 9.0 environment and apps, and we still have this issue. I understand this is an issue with LDAP and not lawson directly. We don't have a fix for it--we just have users contact the helpdesk, and gave them the rights to reset LDAP passwords.
    You are not authorized to post a reply.