LBI Auditing Part 1 – Setting up Dashboard Auditing

, ,

You may not be aware that LBI has many different auditing features. Today I’ll be talking about dashboard auditing specifically.

Dashboard auditing in a nutshell allows you to track what dashboard links and content are being accessed by your user base. This can be helpful for reviewing security permissions, getting rid of unused links, as well as optimizing overly used links/reports.

To enable Dashboard auditing you must have Administrator rights in LBI.

  1. Login into LBI and go to the Tools
  2. Select System Settings and go to the Dashboard Audit Section
  3. Select Yes to Allow Dashboard Audit and Save Changes
  4. Stop and restart the server for the changes to take effect.

Framework Services will now automatically capture and log relevant dashboard info to your LBI database table FS_AUDIT.

 

Make sure to check out the second article in this series, LBI Auditing Part 2 – “Setting up Admin Audit Reports”.

Updating Bouncy Castle after Java Update on Landmark Server

, ,

Similar to LSFCT, when Java is updated on the Landmark server, you will need to place the Bouncy Castle provider in the LAW_JAVA_HOME/jre/lib/ext directory.  To get the latest Bouncy Castle release, navigate to https://www.bouncycastle.org/latest_releases.html.  Select the latest release, or the release that corresponds to your version of Java.  Download the signed JAR file.

Stop all the IBM processes and Lawson.  Also, check your task manager for any running java processes.  Kill any java process.  Place the file at LAW_JAVA_HOME/jre/lib/ext.  Start all the services, or reboot the machine.

 

Updating Bouncy Castle After Websphere Fix Pack

, ,

Similar to Lawson System Foundation, when WebSphere is updated in Landmark, the Bouncy Castle provider might also need to be updated.  If this is the case, you will notice an error message similar to the one below in the SSOCfgInfoServlet page.

Also, there will be messages logged in the ssocfginfoservlet.log and security_authen.log.  One of the biggest indicators of a bouncy castle issue is the error “No provider: BC”.

Ssocfginfoservlet.log, security_authen.log

Tue Dec 22 12:10:05.323 CST 2020 – default–1864609923 – L(2) : tid{DEFAULT} lid{13vdos3oj0u2br08s6qstv1pnv}. Error encountered while processing the request. Additional information: {Error decrypting data.

Stack Trace :

com.lawson.security.authen.SecurityAuthenException: Error decrypting data.

                at com.lawson.security.authen.AuthenDat.getSYMKey(AuthenDat.java:4214)

                at com.lawson.security.authen.AuthenDat.getAuthenDatData(AuthenDat.java:828)

                at com.lawson.security.authen.LawsonAuthentication.getAuthenDatStr(LawsonAuthentication.java:1406)

                at com.lawson.security.authen.LawsonAuthenDataManagerLMImpl.getAuthenDataAsString(LawsonAuthenDataManagerLMImpl.java:53)

                at com.lawson.security.authen.SSOCfgInfoServlet.getConfigXML(SSOCfgInfoServlet.java:177)

                at com.lawson.security.authen.SSOCfgInfoServlet.process(SSOCfgInfoServlet.java:643)

                at com.lawson.security.authen.SSOCfgInfoServlet.doGet(SSOCfgInfoServlet.java:163)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)

 

 

To update the Bouncy Castle provider, open a Landmark command window, or open a command line window and set the environment variables.  Navigate to WAS_JAVA_HOME, and run the command

java -jar %LAENVDIR%/java/jar/bcinstall.jar

This will put the correct provider file in your java home location.  Then, bounce the application server or reboot the machine.

Configurations to Enhance IPA Performance

, ,

If you are receiving login failures in IPA work units due to connection timeouts, or connection refused, it is possible that you need to take some steps to improve the performance of your IPA-S3 connections.  To do that, you can update the recommended S3 Connection Pool Settings.

First, open the Landmark Grid and click the “gears” to get to the configuration manager.  Select Applications > (your Landmark application) > Edit Properties.  Type Ctrl+F and search for “S3”.

   

   

 

Open each of the S3 configuration properties, and select the “All” radio button.  Make your changes on the “LPA” node for Any Host.  Set the S3 configuration properties to the following recommended values:

  • UsePooledConnections = True
  • MaxActiveConnections = 10
  • MaxIdleConnections = 2
  • MaxConnectionWaitSec = 30
  • TimeBetweenEvictionRunsSec = 30
  • ValidationTimeSec = 240
  • EnableConnectionValidation = True only set this value if you are on Landmark Technology 10.1.1.58 or higher

Save each change in the dialog window, and then click the main “Save” button at the top of the Properties window.  After you have made these changes, restart the LPA node in the Grid.

Cannot Retrieve User File

, ,

After logging into Lawson, if you see the below error “Cannot retrieve user file.  Bookmark IDs cannot be read”, there is a good chance that the iosconfig.xml file has some invalid values.  The error messages might point you directly to this file.  It can be found at LAWDIR/system.  Make sure that the ioswebrootdir attribute points to the correct location.  This location should be LAWDIR/persistdata.  Make sure there are no extra spaces or directory names in this value.

After updating the value, reboot the server or restart the WebSphere services.

401 – Unauthorized error in ESS

, ,

If you receive a 401 or 404 error when accessing ESS pages, you need to make sure that the server users have read/write access on the ESS directories. The directories that need this access are WEBDIR/lawson/xbnnet, WEBDIR/lawson/xhrnet, and WEBDIR/lawson/webappjs.

It is important to note that the permsmaint command does not set this security, and it must be set manually by a server administrator.