infor.com
concierge
infor u
developer portal
documentation central
Posts
Categories
Groups
Hubs
Developer
Healthcare
Hospitality
Public Sector
CloudSuites
Aerospace & Defense (LN)
Automotive (LN)
Chemicals (M3)
Corporate (FSM/HRT)
Distribution (Sx.e/CSD)
Distribution Enterprise (M3)
Engineering & Construction (LN)
Fashion (M3)
Food & Beverage (M3)
Healthcare (FSM/HRT)
Industrial (Syteline/CSI)
Industrial Enterprise (LN)
Manufacturing (M3)
Public Sector (FSM/HRT)
Solutions
Supply Chain Management (SCM)
Human Capital Management (HCM)
Events
Groups
Your Groups
User Groups
Migrated Forums
FSM/HCM/S3 - Infor Lawson 10.x
HCM/S3 - Learning and Development
HCM/S3 - Global HR
HCM/S3 - Talent Acquisition
HR Service Delivery
Human Capital Management (HCM) - EMEA
Infor Configuration Management for Service Industries
Lawson - Business Intelligence
Lawson - Financials
Lawson - Human Resources
Lawson - Supply Chain
Lawson - Supply Chain Management
Lawson - Technology
MSCM on Landmark
About
Community News
Email Community Support
Home
Groups
Process Automation (IPA) Community
Rich Client login failure after federating
mbozenik
We've gone through the federation process and everything seems to be working fine. LSF is the primary authentication service.
The inbaskets are working as desired, LPA web admin works, scwebadmin works, but can't login using the rich client. We get Invalid username/password. Should this be expected? I don't see anything being logged on the LSF nor the Landmark server. We can do everything via LPA Web Admin, but curious why the rich clients would stop working after federating.
Find more posts tagged with
Comments
Legacy Contributor
What version of Landmark? Are you bound to AD?
mbozenik
Both were bound to AD prior to federating.
Landmark 10.1.1.29.4664
mbozenik
I assume there may be an issue with SSOPV2, but I'm not sure. From Landmark server the SSOPV2 service looks ok. See below, it has Refers to another server set to true, but when I view the SSOPV2 service from ISS the "Is reference" check box is NOT checked and it seems like it should be. It has the reference service name set to SSOP which is consistent
secadm service display SSOPV2
User : LAWIPAlawson, LongName lawson
Service factory: com.lawson.webservs.service.ServiceLocalFactory created
Service Name: SSOPV2
Description:
SSO Protocol Version: 2.0
Refers To Another Service: true
Referred Service Name: SSOP
Service Type: FormBased
Login Scheme Name: SSOP
Login Scheme Expression:
Account Lockout Policy Name: null
Password Reset Policy Name: null
Anonymous User Supported: false
Delete Constraints:
Assignment Constraints:
Password Policy:
Service Protocol: HTTP_ONLY
Has Own SSO Pages: false
Track Last Successful Login: false
DONE.
Legacy Contributor
Does the Rich Client applet get you any further?
FQDNLandmark.com:80/.../richclientapplet.html
-m FQDNLandmark.com:50005 gen
Substitue FQDNLandmark with your server. It should attempt to open Rich Client in a browser and maybe more information will be visible or a log file will be written to with more details.
mbozenik
I had tried that as well and got invalid username/password. viewing the details returns this: --Still can't find anything on the servers being recorded.
ViewException:
Class Name: null
Stack Trace:
com.lawson.security.authen.SecurityAuthenException: Invalid username/password
at com.lawson.security.authen.InternalLawsonWebAuthFactory.authenticate(InternalLawsonWebAuthFactory.java:424)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.lawson.interfaces.security.RemoteSecurityManager.authenticate(RemoteSecurityManager.java:387)
at com.lawson.desktop.login.CanvasUserLoginTask.doLogin(CanvasUserLoginTask.java:349)
at com.lawson.desktop.login.CanvasUserLoginTask.doLogin(CanvasUserLoginTask.java:172)
at com.lawson.desktop.login.CanvasUserLoginTask.access$100(CanvasUserLoginTask.java:36)
at com.lawson.desktop.login.CanvasUserLoginTask$DoLoginWorker.doInBackground(CanvasUserLoginTask.java:441)
at com.lawson.desktop.login.CanvasUserLoginTask$DoLoginWorker.doInBackground(CanvasUserLoginTask.java:428)
at javax.swing.SwingWorker$1.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at javax.swing.SwingWorker.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
jreese
One thing we found with our configuration, and are trying to get remedied, is that when logging into the rich client we had to include the domain with the username. We can log in to LSF with just the username but Landmark is requiring us to include the domain.
Legacy Contributor
Just wondering, you federated, did an ISS Sync so all systems show green bars and then did the Set Primary authentication via ISS right afterwards? That last command made changes (for our configuration)
yourServer.com/.../index.html
. Did you engage Xtreme support on this one?
jreese
Can the Lawson account log in to the Rich Client? Have you added Landmark security roles to your account to give you access to the Rich Client?
mbozenik
The synchronization process went all the way through. I had a few conflicts here and there as expected. Had one email address that had to be corrected, but eventually all components were synchronized. The set PAS worked as well. The lsservice.properties files look good on both systems, from what I can tell.
I tried specifying the domain on the login account and got the same results.
I restarting everything again to see if that helps.
Legacy Contributor
Verify no port conflicts between LSF & Landmark (maybe firewall, antivirus?) -
server.authservicename=SSOP
server.default.port=####
server.default.relyingservice=SSOPV2
server.default.sslport=#####
at a command prompt
>netstat -an
good luck.
Infor_Reporting_Categories.pdf
mbozenik
Resolved. I opened a ticket with support and they pulled through. I had to change the login scheme name for SSOP and SSOPV2 to point at SSOPV2_LDAP_BIND which was the name created when performing the LDAP bind.
Important Links
Community Hubs
Discussion Forums
Groups
Community News
Popular Tags
CPQ: Ask a Colleague
FAQs, How-To, and Best Practices
Idea
Infor OS Portal
UI Design
CPQ: Tips and Tricks
Widget Development
Infor Homepages
Infor Ming.le
Infor EPM Migration
