This call was blocked since it contained a redirect to a URL that could not be validated to be safe.

unknown

Hello,

we use the HR product v10

We installed a core technology patch LSFCT_WIN2012_10000900P44967.zip (mandatory patch for MSP8)

After the patch was installed, all our users are greeted with a message instead of the login screen:

[infor logo in the middle]

This call was blocked since it contained a

redirect to a URL that could not be validated to

be safe. Please contact your system

administrator for further details.

security_authen.log says:

Security Violation: an illegal url servername.ourorganization.org/.../index.htm has been detected.
Hostname of the URL is not in whitelist! [https://servername.ourorganization.org/lawson/portal/index.htm?portalloadreference=1556992686789]

If this is a false-positive, add [ValidateHostnames=false] in service properties of the default primary service

Where can I find the whitelist file or the config file that holds ValidateHostnames setting?

KLAS Initiative - Monthly Release Customer Enablement - Customer Draft - 20211025.xlsx

Find more posts tagged with

Infor Lawson Technology Group - Discussion

Comments

unknown

That usually is an easy one:

1. Make absolutely sure your endpoints and endpoint groups are defined correctly in LSF and LM (e.g. they have to be paired up)

2. You can disable the verification by adding ValidateHostnames=false property to the SSOP service (if SSOP is a primary) - just like the message says

Alex.

unknown

Hi Alex,

I hope you don't mind explaining some more.

Are the endpoints defined in the Websphere Applicaiton Server?

Is there an SSOP config file where I can set the ValidateHostNames=False ?

All I can find about SSOP in the docs.infor site is about identities.

or do I create a loadfile for all users?

<BATCH_LOAD>

<IDENTITY SERVICENAME="ssop">

<RDID><![CDATA[1234]]></RDID>

<USER><![CDATA[user01]]></USER>

<VALIDATEHOSTNAMES><![CDATA[False]]></VALIDATEHOSTNAMES>

</IDENTITY>

...

unknown

1. Endpoints are defined in Lawson. In LSF you do so via ssoconfig, and in LM via secadm or Rich Client. There are many rules that govern endpoints (you need to have SSO domains defined, assign them to proper services etc). Search for proper KB that has those. LSF and LM admin documentation has that as well.

2. You add attributes to a service in LSF via ssoconfig, and NOT via a file. Just run SSOCONFIG and see what options you see on the menus related to services.

Alex.

rm_benefit_administration_aca_training.pptx

unknown

Thank you so much!

You've opened up an avenue if research I haven't considered looking at.

Copyright © 2025 Infor. All rights reserved.