PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 06/16/2015 10:47 AM by  JimY
After applying CU23 Landmark Technology I receive and error when logging in the second time
 2 Replies
Sort:
You are not authorized to post a reply.
Author Messages
JimY
Private
Private
Veteran Member
(1194 points)
Veteran Member
Posts:428


Send Message:

--
06/16/2015 7:54 AM

    Hello,

          After applying CU23 Landmark technology I receive the error below when I log in a second time to EMSS.  I log in once, log out and then log in again and I receive the error.  If I wait awhile I can log in again.  The error is:

     Error: It is a invalid request. Please contact your system administrator for further details.

     

    In my security_authen.log file I am seeing the error below:

     
    Source address = 172.17.48.170
    Requested URL = https://lawson-lsatest.hmc.hurleymc.com/sso/SSOServlet
    Request query string =_action=MIGRATESESSION&LA_SESSION_ID=1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX&ACTOR=lawson&SSO_USERNAME=lawson&LOGIN_IDENTKEY=User:lawson&LOGIN_SERVICE=LTMTEST.HCMAPP.MANAGERSELFSERVICE&SSO_DOMAIN=DefaultSSODomain&_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&LANGUAGE=null&LOCALE=en_US&CALENDAR_TYPE=null&_ssoClientType=&_ssoTenant=DEFAULT&NotBefore=1434391291942&NotOnOrAfter=1434391351942&_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&_TKM=-796428683&_ssovaltoken=joik6%2Fq9jDpsO28yTCcoeGAFZIM%3D
    Cache-Control: no-cache
    Accept: text/html, application/xhtml+xml, */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Cookie: JSESSIONID=0000Dc1UgKka8SZdGvAOnMd2Y3W:-1
    Host: lawson-lsatest.hmc.hurleymc.com
    Referer: https://lawson-appwebt.hmc.hurleymc.com/sso/SSOServlet?_action=LOGINASSERT&_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&_TKM=TODO-UI&_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&_ssoTenant=DEFAULT&_ssoAuthUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fsso%2FSSOServlet&_ssovaltoken=X5wdBjuUo5iGE4t4lLyByw4WIY8%3D
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
    $WSIS: true
    $WSSC: https
    $WSPR: HTTP/1.1
    $WSRA: 172.17.48.170
    $WSRH: 172.17.48.170
    $WSSN: lawson-lsatest.hmc.hurleymc.com
    $WSSP: 443
    Surrogate-Capability: WS-ESI="ESI/1.0+"
    _WS_HAPRT_WLMVERSION: -1
    Parameter Map = {LOGIN_SERVICE=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],_ssovaltoken=[joik6/q9jDpsO28yTCcoeGAFZIM=],_action=[MIGRATESESSION],_ssoOrigUrl=[https://lawson-lsatest.hmc.hurleymc.com:443/ltmtest/ManagerSelfService/html/ManagerSelfService?csk.HROrganization=1000],LOCALE=[en_US],SSO_DOMAIN=[DefaultSSODomain],LANGUAGE=[null],_ssoClientType=[],SSO_USERNAME=[lawson],NotBefore=[1434391291942],_ssoTenant=[DEFAULT],NotOnOrAfter=[1434391351942],_TKM=[-796428683],LA_SESSION_ID=[1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX],LOGIN_IDENTKEY=[User:lawson],CALENDAR_TYPE=[null],ACTOR=[lawson],_serviceName=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],}
    Mon Jun 15 14:01:29 EDT 2015 - 1409085610: Error: It is a invalid request
    Stack Trace :
    com.lawson.security.interfaces.GeneralLawsonSecurityException: It is a invalid request
    at com.lawson.security.authen.SSOServiceInteractor.createLocalMigratedSession(SSOServiceInteractor.java:5500)
    at com.lawson.security.authen.SSOServiceInteractor.processMigrateSessionAction(SSOServiceInteractor.java:2699)
    at com.lawson.security.authen.SSOServiceInteractor._processRequest(SSOServiceInteractor.java:219)
    at com.lawson.security.authen.SSOServiceInteractor.processRequest(SSOServiceInteractor.java:161)
    at com.lawson.security.authen.SSOServlet.process(SSOServlet.java:517)
    at com.lawson.security.authen.SSOServlet.doGet(SSOServlet.java:226)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java:307)
    at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java:562)
    at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java:255)
    at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java:259)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1071)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:914)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
    at com.ibm.ws.ard.channel.ARDChannelConnLink.handleDiscrimination(ARDChannelConnLink.java:218)
    at com.ibm.ws.ard.channel.ARDChannelConnLink.ready(ARDChannelConnLink.java:123)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)
    .

    Peter O
    Systems Analyst
    Independent
    Veteran Member
    (205 points)
    Veteran Member
    Posts:69


    Send Message:

    --
    06/16/2015 10:38 AM
    I wonder if it's a server caching issue - if the server cahces the session token locally, Perhaps you're logging in too quickly before the server has cleared & re-established a valid session?
    Given that you can still log in a little bit later, this makes me wonder if it's related to that. You might want to send it to AMS to see if they can put up a JT to be fixed in Landmark 10.2
    JimY
    Private
    Private
    Veteran Member
    (1194 points)
    Veteran Member
    Posts:428


    Send Message:

    --
    06/16/2015 10:47 AM
    That sound valid. I did find the below JT in the Net Change report and wonder if it is related to that. Our DSP version is Infor Security Administrator 2.0, Build Version : 10.1.0.1577.

    
    JT-739564 - Security program was designed to not allow one user to re-login if the SSO session is available for
    web based program. If a user logs in from rich client (Java application), the security program uses xfer_token to
    satisfy SSO when launching web app (LMS). DSP loads the canvas from browser and login. So security does not
    allow the same user re-login if this user did not logout.
    In order to satisfy DSP requirement, the security program has been modified to allow the user re-login even SSO
    session is still available when LMS was launched from rich client.
    
    You are not authorized to post a reply.