Auto Resetting of SSOP Password

Sort:
You are not authorized to post a reply.
Author
Messages
Saurabh
Veteran Member
Posts: 94
Veteran Member
    Hi
    We are on a W2003, SQL2005 backend , LSF9.1, App 8.1.

    We are looking to implement some facility to give the end user the flexibility to reset their SSO password / have a lost password facility , rather than logging a call with the service desk to get it reset.

    Has anyone implemented anything similar and is willing to share the info

    Regards
    Saurabh
    Joe O'Toole
    Veteran Member
    Posts: 314
    Veteran Member
      If you are referring to the users "Windows" password, we use a product called SSRPM that is sold by Tools4Ever. There are many products on the market that provide password reset via challange / response questions. This one was fairly simple to implement, pretty flexible and not too expensive.
      Derek Czarny
      Veteran Member
      Posts: 63
      Veteran Member
        Did you integrate the SSRPM with Lawson, or do they have to go somewhere else to reset their password?
        Joe O'Toole
        Veteran Member
        Posts: 314
        Veteran Member
          We hung the url on the same menu they use to access ESS / MSS. We use a "generic" windows account on the kiosk so they only need to supply their windows credentials to access ESS. On the menu, there is a registration option they use to set up their questions and answers and a reset option they would use if they forgot their password. Having the link "inside" of Lawson wouldn't help much because you wouldn't be able to get to it if you forgot your password and could not log in.
          Saurabh
          Veteran Member
          Posts: 94
          Veteran Member
            So have you linked the Windows login to the Lawson id and password ? Our user's Lawson id are different to the actual windows login and password so not sure if SSRPM will work?
            e.g Windows user id DOMAIN1\User.Name
            lawson user id in portal UName
            actual id held in LDAP /UName

            We only want to change the Single Sign on Password for Id UName

            Regards
            Saurabh
            John Henley
            Senior Member
            Posts: 3348
            Senior Member
              If all you want to change is the SSOP password--and you are not using ldapbind--you can change the password via 1) ProcessFlow Integrator or 2) an XML using loadusers or ssoconfig.
              Thanks for using the LawsonGuru.com forums!
              John
              Saurabh
              Veteran Member
              Posts: 94
              Veteran Member
                Hi John
                I dont believe we use the ldapbind (the users are allowed to change password when logged into portal).
                If we use process flow integrator how will that give control to the end users?? Any tips on how to create this?

                With option(2) would we have to create a front end with which we could get some details from the user and then create a xml file in the applicaton server with the details required for password change script which could be scheduled to run every so often.

                Regards
                Saurabh
                John Henley
                Senior Member
                Posts: 3348
                Senior Member
                  Yes, you would need some sort of front-end/process to reset their password on-demand. There are various ways (and arguments on the techniques) of doing it.
                  Thanks for using the LawsonGuru.com forums!
                  John
                  Alex Tsekhansky
                  Veteran Member
                  Posts: 92
                  Veteran Member
                    Hi, Saurabh!

                    As you probably noticed, Lawson does not have this feature right now, and the only way is to defign a custom front-end interface.
                    We have done so for several clients, and tested it on UNIX and Windows. Such interface would implement password reset, admin functions (allow SOME people to reset ANYONE's password), password expiration etc. Note that the way how Lawson processes logins is slightly different between 9.0.0 and 9.0.1, so we really did separate interfaces for those versions.

                    Thank you.
                    Alex.
                    Joe O'Toole
                    Veteran Member
                    Posts: 314
                    Veteran Member
                      Saurabh,
                      If you are not bound to AD and are using seperate passwords in SSOP, then commercially available solutions will not be a help since they are talking to AD and are not aware of the Lawson LDAP entries. You will need to go one of the paths that John and Alex suggested. We did not want to buy PF Integrator just for this one purpose so I built a process to create the XML file for the loadusers utility and run this on a daily basis to provision new accounts. Changing passwords would be similar except Loadusers would just update the existing record rather than adding one, createing the file is not bad, but you could have quite a bit of work ahead of you if you want this to be triggered by the end user and provide challange / response feature. Alex - can you elaborate on what is different in the login process between LSF 9.0.0 and 9.0.1?
                      Thanks,
                      Joe
                      Alex Tsekhansky
                      Veteran Member
                      Posts: 92
                      Veteran Member
                        Hi, Joe!

                        The main differences betwen 9.0.0 and 9.0.1 on a web side of things are:

                        1. in 9.0.0 lawson uses two cookies to track session, and in 9.0.1 - three cookies
                        2. In 9.0.0 lawson did not verify the browser type (so I did not have to code the browser identification string in my scripts), and in 9.0.1 it does

                        Thanks.

                        Alex.
                        Joe O'Toole
                        Veteran Member
                        Posts: 314
                        Veteran Member
                          Thanks Alex! Do you know if Portal loads any faster in LSF 9.01? We are on 9.004 and the log in screen takes forever to load for our remote users with low bandwidth connections (IE: 128k). If the IE browser cache gets cleared it can take up 3-4 minutes for the log in screen to load. I have SSOP configured using "HTTPS for login only" for these users since they are on our secure intranet.
                          Joe
                          Alex Tsekhansky
                          Veteran Member
                          Posts: 92
                          Veteran Member
                            Joe -

                            The 901 uses similar login screen, so it will not be faster. However, there are techniques to optimize the load. I assume that the problem is between the browser and the web server (since you said that the issue is related to remote user - and I guess not to local users).

                            First, if they're on the intranet, get rid of the SSL if possible.
                            SSL is a BIG hog, and will slow down things between the browser and the web server. It will also introduce lots of extra web traffic.

                            Second, tune keep-alives between your browser and the web server. If you use IHS, I suggest getting Apache tuning guide (if you will not find one, let me know and I will look it up).

                            Third, make sure you use optimal browser settings. I hate to suggest things unsupported by Lawson officially, but IE8 processes javascript must faster than IE7, and I really recommend it in such cases.

                            Let's see if any of that helps.

                            Thanks.

                            Alex.
                            John Henley
                            Senior Member
                            Posts: 3348
                            Senior Member
                              Posted By Joe O'Toole on 08/17/2009 11:08 AM
                              the log in screen takes forever to load for our remote users with low bandwidth connections (IE: 128k).
                              Is it the page load that is slow, or the authentication?
                              Thanks for using the LawsonGuru.com forums!
                              John
                              Joe O'Toole
                              Veteran Member
                              Posts: 314
                              Veteran Member
                                It's the login page load that is slow before the login is even attempted. We're running IE 6 in our remote store locations and configured for HTTPS for login only since these sites are all on our private network. Unlike full HTTPS, in this setup the bulk of the data is cached and performace is fine once they're in the application. I've tinkered with the "sec_to_load" parameter, but I think this really only adjusts the time before a timeout error is displayed vs. improving performance. We'll probably be upgrading to 9.01 and increasing our bandwidth over the next year so this will not be a problem for us forever.
                                You are not authorized to post a reply.