PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 06/16/2015 10:47 AM by  JimY
After applying CU23 Landmark Technology I receive and error when logging in the second time
 2 Replies
Sort:
You are not authorized to post a reply.
Author Messages
JimY
Private
Private
Veteran Member
(1089 points)
Veteran Member
Posts:389


Send Message:

--
06/16/2015 7:54 AM

    Hello,

          After applying CU23 Landmark technology I receive the error below when I log in a second time to EMSS.  I log in once, log out and then log in again and I receive the error.  If I wait awhile I can log in again.  The error is:

    </p>
    <p>&nbsp;Error: It is a invalid request. Please contact your system administrator for further details.</p>
    <p>

     

    In my security_authen.log file I am seeing the error below:

    </p>
    <p>&nbsp;<br />
    Source address = 172.17.48.170<br />
    Requested URL = https://lawson-lsatest.hmc.hurleymc.com/sso/SSOServlet<br />
    Request query string =_action=MIGRATESESSION&amp;LA_SESSION_ID=1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX&amp;ACTOR=lawson&amp;SSO_USERNAME=lawson&amp;LOGIN_IDENTKEY=User:lawson&amp;LOGIN_SERVICE=LTMTEST.HCMAPP.MANAGERSELFSERVICE&amp;SSO_DOMAIN=DefaultSSODomain&amp;_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&amp;LANGUAGE=null&amp;LOCALE=en_US&amp;CALENDAR_TYPE=null&amp;_ssoClientType=&amp;_ssoTenant=DEFAULT&amp;NotBefore=1434391291942&amp;NotOnOrAfter=1434391351942&amp;_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&amp;_TKM=-796428683&amp;_ssovaltoken=joik6%2Fq9jDpsO28yTCcoeGAFZIM%3D<br />
    Cache-Control: no-cache<br />
    Accept: text/html, application/xhtml+xml, */*<br />
    Accept-Encoding: gzip, deflate<br />
    Accept-Language: en-US<br />
    Cookie: JSESSIONID=0000Dc1UgKka8SZdGvAOnMd2Y3W:-1<br />
    Host: lawson-lsatest.hmc.hurleymc.com<br />
    Referer: https://lawson-appwebt.hmc.hurleymc.com/sso/SSOServlet?_action=LOGINASSERT&amp;_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&amp;_TKM=TODO-UI&amp;_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&amp;_ssoTenant=DEFAULT&amp;_ssoAuthUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fsso%2FSSOServlet&amp;_ssovaltoken=X5wdBjuUo5iGE4t4lLyByw4WIY8%3D<br />
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)<br />
    $WSIS: true<br />
    $WSSC: https<br />
    $WSPR: HTTP/1.1<br />
    $WSRA: 172.17.48.170<br />
    $WSRH: 172.17.48.170<br />
    $WSSN: lawson-lsatest.hmc.hurleymc.com<br />
    $WSSP: 443<br />
    Surrogate-Capability: WS-ESI="ESI/1.0+"<br />
    _WS_HAPRT_WLMVERSION: -1<br />
    Parameter Map = {LOGIN_SERVICE=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],_ssovaltoken=[joik6/q9jDpsO28yTCcoeGAFZIM=],_action=[MIGRATESESSION],_ssoOrigUrl=[https://lawson-lsatest.hmc.hurleymc.com:443/ltmtest/ManagerSelfService/html/ManagerSelfService?csk.HROrganization=1000],LOCALE=[en_US],SSO_DOMAIN=[DefaultSSODomain],LANGUAGE=[null],_ssoClientType=[],SSO_USERNAME=[lawson],NotBefore=[1434391291942],_ssoTenant=[DEFAULT],NotOnOrAfter=[1434391351942],_TKM=[-796428683],LA_SESSION_ID=[1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX],LOGIN_IDENTKEY=[User:lawson],CALENDAR_TYPE=[null],ACTOR=[lawson],_serviceName=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],}<br />
    Mon Jun 15 14:01:29 EDT 2015 - 1409085610: Error: It is a invalid request<br />
    Stack Trace : <br />
    com.lawson.security.interfaces.GeneralLawsonSecurityException: It is a invalid request<br />
    at com.lawson.security.authen.SSOServiceInteractor.createLocalMigratedSession(SSOServiceInteractor.java:5500)<br />
    at com.lawson.security.authen.SSOServiceInteractor.processMigrateSessionAction(SSOServiceInteractor.java:2699)<br />
    at com.lawson.security.authen.SSOServiceInteractor._processRequest(SSOServiceInteractor.java:219)<br />
    at com.lawson.security.authen.SSOServiceInteractor.processRequest(SSOServiceInteractor.java:161)<br />
    at com.lawson.security.authen.SSOServlet.process(SSOServlet.java:517)<br />
    at com.lawson.security.authen.SSOServlet.doGet(SSOServlet.java:226)<br />
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)<br />
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)<br />
    at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java:307)<br />
    at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java:562)<br />
    at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java:255)<br />
    at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java:259)<br />
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230)<br />
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779)<br />
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)<br />
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)<br />
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1071)<br />
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)<br />
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:914)<br />
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)<br />
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)<br />
    at com.ibm.ws.ard.channel.ARDChannelConnLink.handleDiscrimination(ARDChannelConnLink.java:218)<br />
    at com.ibm.ws.ard.channel.ARDChannelConnLink.ready(ARDChannelConnLink.java:123)<br />
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)<br />
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)<br />
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)<br />
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)<br />
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)<br />
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)<br />
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)<br />
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)<br />
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)<br />
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)<br />
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)<br />
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)<br />
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)<br />
    .</p>
    <p>

    Peter O
    Systems Analyst
    Independent
    Veteran Member
    (205 points)
    Veteran Member
    Posts:69


    Send Message:

    --
    06/16/2015 10:38 AM
    I wonder if it's a server caching issue - if the server cahces the session token locally, Perhaps you're logging in too quickly before the server has cleared & re-established a valid session?
    Given that you can still log in a little bit later, this makes me wonder if it's related to that. You might want to send it to AMS to see if they can put up a JT to be fixed in Landmark 10.2
    JimY
    Private
    Private
    Veteran Member
    (1089 points)
    Veteran Member
    Posts:389


    Send Message:

    --
    06/16/2015 10:47 AM
    That sound valid. I did find the below JT in the Net Change report and wonder if it is related to that. Our DSP version is Infor Security Administrator 2.0, Build Version : 10.1.0.1577.

    JT-739564 - Security program was designed to not allow one user to re-login if the SSO session is available for
    web based program. If a user logs in from rich client (Java application), the security program uses xfer_token to
    satisfy SSO when launching web app (LMS). DSP loads the canvas from browser and login. So security does not
    allow the same user re-login if this user did not logout.
    In order to satisfy DSP requirement, the security program has been modified to allow the user re-login even SSO
    session is still available when LMS was launched from rich client.
    
    You are not authorized to post a reply.