When Java is updated or moved on the Lawson server, the application will also need to updated to use the new location.

First, update the system environment variables JAVA_HOME and LAW_JAVA_HOME.  Also, update those entries in install.cfg so that location will be used for future updates.

You may also need to run the command to update the environment parameters.  Create an XML file with the following data (using your new location for java):

Then, navigate to GEN_DIR/bin and run the LaMgmtCmd.exe command with the -u option to update the environment parameters:

LaMgmtCmd.exe -u <environment> <update file>

To view your environment parameters, run the LaMgmtCmd command with the -r option

After a WebSphere fix pack, or an update of some kind, you might see a 500 server error that indicates a Bouncy Castle jar mismatch.

To verify that your issue is related to Bouncy Castle, you can check the ssoconfig/SSOCfgInfoServlet web page to see if the XML will render.  If you see a similar error below, check the ios.log.  The “NoSuchProviderException: No such provider: BC” indicates that the Bouncy Castle jar files need to be updated.

[10/15/20 9:06:31:448 CDT] 000000ef SystemErr     R com.lawson.lawsec.authen.LSFSecurityAuthenException:Message:java.security.NoSuchProviderException: No such provider: BC

Stack Trace : java.security.NoSuchProviderException: No such provider: BC

at javax.crypto.Cipher.getInstance(Unknown Source)

at com.lawson.lawsec.authen.AuthenDat.decryptData(AuthenDat.java:2619)

at com.lawson.lawsec.authen.AuthenDat.getRMPrivUserPass(AuthenDat.java:521)

at com.lawson.lawsec.authen.LawsonAuthentication.getJNDIProps(LawsonAuthentication.java:1087)

at com.lawson.lawsec.authen.LawsonAuthentication.getInitialDirContext(LawsonAuthentication.java:1045)

at com.lawson.lawsec.authen.LawsonAuthentication.getInitialDirContext(LawsonAuthentication.java:1033)

at com.lawson.lawrm.rmMetaMgr.RMContext.getDirContext(RMContext.java:464)

at com.lawson.lawrm.rmMetaMgr.RMContext.getRMMetaDataManager(RMContext.java:798)

at com.lawson.lawrm.rmMetaMgr.RMContext.InitContext(RMContext.java:282)

at com.lawson.lawrm.rmMetaMgr.RMContext.<init>(RMContext.java:162)

at com.lawson.lawrm.rmMetaMgr.RMContext.<init>(RMContext.java:126)

at com.lawson.lawrm.rmMetaMgr.RMContext.getInitialContext(RMContext.java:208)

at com.lawson.lawrm.rmMetaMgr.RMContext.borrowRMContext(RMContext.java:303)

at com.lawson.lawsec.authen.LawsonService.<init>(LawsonService.java:152)

at com.lawson.lawsec.authen.LawsonSecurityXRefImpl.getServiceForName(LawsonSecurityXRefImpl.java:365)

at com.lawson.lawsec.authen.LawsonSSODomainManagerImpl.getDefaultPrimaryService(LawsonSSODomainManagerImpl.java:320)

at com.lawson.security.vulmit.VulnerabilityMitigation.getDefaultPrimaryService(VulnerabilityMitigation.java:193)

at com.lawson.security.vulmit.VulnerabilityMitigation.getStringServiceProperty(VulnerabilityMitigation.java:203)

at com.lawson.security.vulmit.VulnerabilityMitigation.configureAntiCsrf(VulnerabilityMitigation.java:173)

 

To update the jar files, navigate to WAS_HOME/java/bin and run the command “java -jar %GENDIR%/java/thirdparty/bcinstall.jar”.  This will automatically check the validity of your Bouncy Castle jar file and update if needed.

D:\IBM\WebSphere\AppServer\java\bin>.\java -jar %GENDIR%\java\thirdParty\bcinstall.jar

Testing for provider … FAIL: No such provider: BC

Installing provider

Installing bcprov-jdk16-145.jar

transferring …….done

Adding java.security entry

Adding org.bouncycastle.jce.provider.BouncyCastleProvider to java.security file

backing up ………………………………………………..done

D:\IBM\WebSphere\AppServer\java\jre\lib\security\java.security backed up to D:\IBM\WebSphere\AppServer\java\jre\lib\security\java.se

curity1901856172194836655.bak

placing new properties ………………………………………….done

Testing for strong encryption policy … PASS.

..done

backup D:\IBM\WebSphere\AppServer\java\jre\lib\security\policy\unlimited\local_policy.jar to D:\IBM\WebSphere\AppServer\java\jre\lib

\security\policy\unlimited\local_policy.jar78069013951101779.bak

..done

copied D:\IBM\WebSphere\AppServer\java\jre\lib\security\policy\unlimited\US_export_policy.jar to D:\IBM\WebSphere\AppServer\java\jre

\lib\security\policy\unlimited\local_policy.jar

Verifying provider … PASS.

Verifying policy … PASS.

Summary :

Provider installed successfully

Policy installed successfully

Crypto policy set

 

  1. Download the bulletin.
    1. Log into your MyBSI account
    2. Navigate to Product Maintenance
    3. Select your product
    4. Regulatory Bulletins
    5. Select your bulletin
    6. Click the download button(s)

  2. On the Server where BSI is installed, open a command window as administrator
  3. Navigate to the install directory (i.e. D:\BSI\TF10ClientInstall)
  4. Change directory to the directory that matches your server configuration (win32 for a 32-bit server, or amd64 for a 64-bit server)
  5. Run the command tf10lic /ResetDSN
  6. Run the command set TF10_SCHEMA_NAME=<Your Schema/Databse Name>
  7. Run the command set TF10_DATASET=DEFAULT
  8. Run the command tfmaint “<full file path where you downloaded the bulletin>”

  9. Check the “upd” log file for any error messages
  10. Validate PRTF.1 in Lawson

Here is a simple step-by-step guide on how to setup a distribution group in Lawson for a jobdef.

  1. Login into Lawson Interface Desktop (LID) and type in: grpdef
  2. Create a group name and add users to group
  3. Create a distribution list using command: dstlstgrpdef
    1. Add your group from step 2 to this new Distribution list
  4. Open jobdef select job you want >> Select step and press F6 >> B. Report Distribution
  5. Now arrow down to Destination and set as Dist Group, under Group/* Print, type your group name or Distribution List. This should populate a list of users on the right side.
  6. So when this job runs, the PRT and Error file will be placed in these users print directories. Press Enter twice to save changes.

That’s it! You can use these groups for distributing printers among other uses in Lawson. Good luck!

  1. Login into LBI
  2. Click ‘Display Dashboard’ link under Tools -> Services -> FS Service module.
  3. Click New Property Button and type ‘showBanner’ then click ok.
    1. Important: type showBanner exactly as shown (case sensitive)

  4. Type NO to hide the banner (if showBanner property is not present, default is YES)
  5. Click Update at the top and refresh the page to see changes.

 

Before:

After:

You may be getting reports from your users of this security warning or if loading to LBI from a portal bookmark, users may receive the below embedded error:

  1. To resolve this, login to Websphere on your LBI server.
  2. Go to Security > SSL Certificate and key management > SSL Configurations
  3. Select NodeDefaultSSLSettings
  1. Then select Quality of protection (QOP) settings
  2. Within this page, change the Protocol to SSL_TLSv2
  3. Save and then save to master configuration at the top. It is recommended to restart the entire LBI Server after this change.

Clear your browser cache before accessing LBI again and the TLS 1.0/1.1 error should be resolved. Also access LBI directly from a portal bookmark to see if it works there too.

 

Good luck!