In LBI Auditing Part 1, we went over enabling dashboard auditing. This time we will go over how to set up special Admin Audit Reports to view more information about LBI activity via Framework/Reporting Services and Smart Notifications. These reports are for 10.6.0.0 and later but check with Infor if they are supported for older versions.

 

  1. Login to Infor Support Portal and go to the LBI Product Download page.
  2. Download the BI-Samples.zip file and unzip to a temporary location
  3. Locate Infor-LBI-Admin-Reports-SolutionPack.zip
  4. Login into LBI and go to Tools dashboard
  5. Click the Deployment Utility link and a Deployment Utility window will pop-up
  6. Browse for the solution pack mentioned in Step 3, select it and then click Import
    • NOTE: Framework Services content is delivered in a folder called fs; Reporting Services in a folder called rs; Smart Notification in a folder called sn.
    • No tab will be displayed for a service if the solution package does not contain a solution for that service or if the service is not registered/installed.
  7. When the import is completed, a screen is displayed with a tab for each imported package, click on a tab to view the import and additional details.
  8. If the import fails for any reason, try and correct the issue, verify zip file is not corrupt, re-import.
    • NOTE: Remove any applications directories where the import was successful to avoid duplicate content.

 

Make sure to check out Part 3a – “Overview of Framework Service Admin Audit Reports”  (coming soon) to get more insight into these reports.

You may not be aware that LBI has many different auditing features. Today I’ll be talking about dashboard auditing specifically.

Dashboard auditing in a nutshell allows you to track what dashboard links and content are being accessed by your user base. This can be helpful for reviewing security permissions, getting rid of unused links, as well as optimizing overly used links/reports.

To enable Dashboard auditing you must have Administrator rights in LBI.

  1. Login into LBI and go to the Tools
  2. Select System Settings and go to the Dashboard Audit Section
  3. Select Yes to Allow Dashboard Audit and Save Changes
  4. Stop and restart the server for the changes to take effect.

Framework Services will now automatically capture and log relevant dashboard info to your LBI database table FS_AUDIT.

 

Make sure to check out the second article in this series, LBI Auditing Part 2 – “Setting up Admin Audit Reports”.

Similar to LSFCT, when Java is updated on the Landmark server, you will need to place the Bouncy Castle provider in the LAW_JAVA_HOME/jre/lib/ext directory.  To get the latest Bouncy Castle release, navigate to https://www.bouncycastle.org/latest_releases.html.  Select the latest release, or the release that corresponds to your version of Java.  Download the signed JAR file.

Stop all the IBM processes and Lawson.  Also, check your task manager for any running java processes.  Kill any java process.  Place the file at LAW_JAVA_HOME/jre/lib/ext.  Start all the services, or reboot the machine.

 

Similar to Lawson System Foundation, when WebSphere is updated in Landmark, the Bouncy Castle provider might also need to be updated.  If this is the case, you will notice an error message similar to the one below in the SSOCfgInfoServlet page.

Also, there will be messages logged in the ssocfginfoservlet.log and security_authen.log.  One of the biggest indicators of a bouncy castle issue is the error “No provider: BC”.

Ssocfginfoservlet.log, security_authen.log

Tue Dec 22 12:10:05.323 CST 2020 – default–1864609923 – L(2) : tid{DEFAULT} lid{13vdos3oj0u2br08s6qstv1pnv}. Error encountered while processing the request. Additional information: {Error decrypting data.

Stack Trace :

com.lawson.security.authen.SecurityAuthenException: Error decrypting data.

                at com.lawson.security.authen.AuthenDat.getSYMKey(AuthenDat.java:4214)

                at com.lawson.security.authen.AuthenDat.getAuthenDatData(AuthenDat.java:828)

                at com.lawson.security.authen.LawsonAuthentication.getAuthenDatStr(LawsonAuthentication.java:1406)

                at com.lawson.security.authen.LawsonAuthenDataManagerLMImpl.getAuthenDataAsString(LawsonAuthenDataManagerLMImpl.java:53)

                at com.lawson.security.authen.SSOCfgInfoServlet.getConfigXML(SSOCfgInfoServlet.java:177)

                at com.lawson.security.authen.SSOCfgInfoServlet.process(SSOCfgInfoServlet.java:643)

                at com.lawson.security.authen.SSOCfgInfoServlet.doGet(SSOCfgInfoServlet.java:163)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)

 

 

To update the Bouncy Castle provider, open a Landmark command window, or open a command line window and set the environment variables.  Navigate to WAS_JAVA_HOME, and run the command

java -jar %LAENVDIR%/java/jar/bcinstall.jar

This will put the correct provider file in your java home location.  Then, bounce the application server or reboot the machine.

If you are receiving login failures in IPA work units due to connection timeouts, or connection refused, it is possible that you need to take some steps to improve the performance of your IPA-S3 connections.  To do that, you can update the recommended S3 Connection Pool Settings.

First, open the Landmark Grid and click the “gears” to get to the configuration manager.  Select Applications > (your Landmark application) > Edit Properties.  Type Ctrl+F and search for “S3”.

   

   

 

Open each of the S3 configuration properties, and select the “All” radio button.  Make your changes on the “LPA” node for Any Host.  Set the S3 configuration properties to the following recommended values:

  • UsePooledConnections = True
  • MaxActiveConnections = 10
  • MaxIdleConnections = 2
  • MaxConnectionWaitSec = 30
  • TimeBetweenEvictionRunsSec = 30
  • ValidationTimeSec = 240
  • EnableConnectionValidation = True only set this value if you are on Landmark Technology 10.1.1.58 or higher

Save each change in the dialog window, and then click the main “Save” button at the top of the Properties window.  After you have made these changes, restart the LPA node in the Grid.

After logging into Lawson, if you see the below error “Cannot retrieve user file.  Bookmark IDs cannot be read”, there is a good chance that the iosconfig.xml file has some invalid values.  The error messages might point you directly to this file.  It can be found at LAWDIR/system.  Make sure that the ioswebrootdir attribute points to the correct location.  This location should be LAWDIR/persistdata.  Make sure there are no extra spaces or directory names in this value.

After updating the value, reboot the server or restart the WebSphere services.