Using IPA to Update SSOP Identity after AD FS Configuration

, ,

Once your AD FS configuration is done, you’ll need to update the SSOP identity with userPrincipalName for all of your users in Lawson Security.  IPA is a great tool for this task.

Some nodes that you’ll need include:

  • System Command – get AD users
    • Run a powershell command to get the samAccountName and userPrincipalName from Active Directory
    • powershell “Get-ADUser -Filter * -SearchBase ‘<OU Path (i.e. OU=Users,DC=company,DC=org)>’ | Select-object SamAccountName,UserPrincipalName | ConvertTo-Csv -NoTypeInformation”
  • Data Iterator to iterate through the results from the AD query
  • Resource Query
    • Get User by querying on SSOP value
    • <?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?><TRANSACTION user=”[email protected]” method=”getRMQuery”><SERVICE><![CDATA[SSOP]]></SERVICE><SERVICEATTRS><SERVICEATTR><NAME><![CDATA[USER]]></NAME><VALUE><![CDATA[<!samAccountName>]]></VALUE></SERVICEATTR></SERVICEATTRS><OBJECT><![CDATA[People]]></OBJECT><ATTRIBUTES><ATTRIBUTE><![CDATA[ID]]></ATTRIBUTE></ATTRIBUTES><OUTPUTSERVICEATTRS/></TRANSACTION>
  • Resource Update
    • Using the ID from your Resource Query, Update the SSOP service

How to Maximize Filezilla FTP Transfer Speed

, ,
  1. First, ensure that the Transfer mode is set to Passive in FileSite Manager Transfer Settings


    Passive mode is the recommended mode for client computers behind NAT or proxy. In active mode, the client must accept connection from the FTP server. In passive mode, the client always initiates the connection.
  2. Change Maximum Simultaneous Transfers to 10 in EditSettings Transfers

    As the name suggests, this increases the number of concurrent transfers that can occur to 10.

    If these tips do not improve your Filezilla transfer speed, it is probably due to some limit on your ISP or on the server you are connecting to. Some hosts place tight restrictions on FTP speeds so it may be worth contacting your ISP.

Troubleshoot NoClassDefFoundError (bouncycastle.x509)

, ,

After configuring LSF for AD FS, we encountered a 500 error after a login smoke test. The error was begin logged in SystemOut.log for our AppServer. The error message was:

[4/30/19 14:31:41:287 PDT] 000000e9 ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet SSOServlet: java.lang.NoClassDefFoundError: org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure

To troubleshoot this, we first regenerated and reloaded the ADFS Certificate to the LSF IdP Certificate in ssoconfig. This did not resolve the issue, so then we checked the java policy files. It turns out that the policy files were out-of-date. You need to update the policy files in JAVA_HOME and WebSphere. First, download the latest policy files from Oracle and IBM, and the BouncyCastle policy file from the BouncyCastle website.

To determine the directories which need the replacement files, first open a command line as administrator and type “where java”. This will show you where your main install of java is located. Go to this directory, then jre/lib/security and replace local_policy.jar and US_export_policy.jar. The BouncyCastle jar file will be located at jre/lib/ext. Matching files must also be stored in your WebSphere java home. To figure out where this directory structure will be, open SystemOut.log and scan for the last time the AppServer was started.  “Java Home” will be displayed there. The directory structure will be the same as your main java install.

Remember to backup/rename your old policy files and copy the new ones to these directories. You’ll have to stop your WebSphere services and kill all java processes before you can do this.

Modifying VMWare to use Microsoft Remote Desktop Protocol so you can Transfer Files Easier

, ,

First, you’ll need to connect to your installed VMWare Client:

Now before connecting to the virtual server, right click the connection and select Microsoft Remote Desktop:

Once this is selected, you’ll be able to connect to the host Virtual machine and use VMWare as if it was Microsoft Native Remote Desktop Protocol.

One of the biggest advantages of this is being able to copy and paste files to and from the VMWare client using CTRL + C and CTRL + V.

The other Protocol settings can be used as well.

VMWare Blast is optimized for mobile cloud and consumes less CPU in case you’re trying to save battery life.

PCoIP may be better optimized for use when a poor internet connection but results will likely be equal to the other options.

Infor Process Automation (IPA) Best Practices and Performance Improvement Tips

, ,

Since Infor Process Designer is an open-ended visual design tool, different users can achieve the same end goal but in many different ways. While the flow might technically “work”, this level of design freedom usually leads to processes that are not as efficient as they could potentially be.

Here are some tips to keep in mind as you design your next flow:

  1. Use a MsgBuilder node instead of writing to file for each record

     

    By using a MsgBuilder node, we can append all found records to a String in memory. We can then call the string when we need to write the records. This is much faster than individually writing each line, each time through the FileAccess node.

  2. Merge Assign Nodes

    This is a common mistake in many processes. There is no reason two Assign nodes would have to line up one after another in a flow. You can simply use one Assign node for all your variables/javascript. More nodes in your flow results in slower speeds so you should always try to use as few nodes as possible.
  3. Remove Unnecessary Assign Nodes

    When a value is returned from a query or processing node, it is automatically assigned an internal variable name.

    In the screenshot above, we see the values pulled from my SQL query have already been automatically assigned a variable. Therefore, there would be no point in having an Assign node to set SQL ADDRESS to my custom variable <!ADDRESS>. It would be better to simply call <!SQLQuery1080_ADDRESS> when needed as the variable has already been created for me.

  4. Remote File Access
    When the Infor Lawson business applications and ProcessFlow are on the same server, file access is blazing fast since all the files are local. However, when IPA is on a separate server, the process slows down since the flow must now access the file across the network and not locally.

    To mitigate this issue, make sure file access is done as efficiently as possible. Perhaps reach out to those in charge of network IT to see about reducing network lag.

  5. Upload the Process with Logging Off
    Process logging can negatively affect performance. Unless you are troubleshooting a problem, processes should be uploaded with Log Level: No debug

IP Designer Email Node – Using HTML and Inserting Images

, ,

Using HTML or inserting images via the IP Designer Email node seems to be a common problem based on the number of forum posts on this topic.

Here are some of the solutions that have been proposed.

USING HTML

Based on the responses of senior IP Designer users, the gold standard for using HTML in your email is to write the HTML directly into a MsgBuilder node (https://www.nogalis.com/2017/09/12/ip-designer-series-message-builder-node/) so that we can call the MsgBuilder variable name in the email body of the Email node.

INSERTING IMAGES

  1. A simple way to insert images in emails sent by IP Designer Email node would be to compose HTML as shown above and bring in images from web servers.
  2. Another way would be to store the image in the Lawson emailattachments directory in order to attach it in the Email node.In Windows the directory to store the images is: lawsondirectory/bpm/emailattachments
    In Unix: lawsondirectory/LPS/emailattachments/


5 ServiceNow Tips & Tricks I Wish I Knew When I Started!

, ,
  1. Performance degradation? Forms slow to load?
    Try following these steps:
    • Click the Settings Gear Icon on the top right of your ServiceNow screen, next to your name. Then, navigate to the Forms tab.


    • Changing the Related list loading from “With the Form” to “After Form Loads” for a slight improvement in performance. Changing to “On-Demand” can result in significant performance gains as this would change it so that records get loaded only upon click.

  2. Change the form view to a cleaner tabbed format versus the normal lengthy vertical layout.
    From the same Forms tab in System Settings (refer to tip #1), we can turn on Tabbed forms to change to this view.

    BEFORE:

    AFTER:

  3. Using asterisks (*) and double asterisks (**) for Reference fields.
    In ServiceNow, searching for a record in a reference field will automatically use a “STARTSWITH” query.

    This can cause some difficulties when trying to search for records.

    The solution is to use an asterisk before typing in the search term. This will change the query to a “CONTAINS” search which makes searching for records a lot easier.

    Also, you can also use double asterisks (**) to quickly return the first (up to) 15 records in the table.

  4. ServiceNow Keyboard Shortcuts.
  5. Quickly add attachments by simply dragging file to “Work notes” area.

    Attaching files by clicking the paperclip icon and then browsing for the file is a slow process. You can
    simply drag and drop the file you want to attach into the Work notes box.

SQL DECLARE and SET datetime

, ,

This article discusses the DECLARE statement in SQL, which you can find the official documentation here: https://docs.microsoft.com/en-us/sql/t-sql/language-elements/declare-local-variable-transact-sql?view=sql-server-2017

The DECLARE statement is used in a SQL statement to declare a variable. The declared variable can then be set using SET statement. Once set, the declared variable can be referred by the SELECT statement.

The DECLARE statement can also be used to declare a DATETIME and the SET statement can modify this DATETIME with DATEADD. This allows us to avoid dealing with JavaScript datetime variables.

For our case, we wanted to query all individuals that were set to turn 18 years old within a year.

In order to do this, we first ‘DECLARE’d the variables we would need and modified them using SET:


Note: First argument of DATEADD function can be any accepted SQL interval (year,month,week,day,hour,second,etc.)

Now that our 3 variables had been set, we were able to refer to them in the WHERE portion of the SELECT statement:

Full query with results:

By specifying the search range using DECLARE and SET, we are able to query the DOBs of just those users that are set to turn 18 years of age within a year of the query date.

Keyboard Shortcuts for Productivity – The Short List (Windows)

, ,

For those who spend a large part of their day behind a screen, keyboard shortcuts are great and the time saved by using these shortcuts definitely accrues over time. You are losing precious seconds of productivity every time you lift your hand off the keyboard to use the mouse instead. Effectively using keyboard shortcuts can cut that wasted time down.

Most of us are already familiar with the most common keyboard shorts such as cut/copy/paste/undo/redo (ctrl+x/c/v/z/y).

At one point or another, we all have probably seen some type of chart online that shows all the possible keyboard shortcuts. This list is a bit daunting to take in at once and difficult to commit to memory unless you actually sit down and make it a point to memorize all the shortcuts. Even then, I find that it quickly fades from memory if not put to regular use.

Therefore I wanted to create this short list of keyboard shortcuts that I actually use in my daily work:

  1. Windows key + Arrow direction key – Snaps app window to left/right side/corner of screen

    Examples:
    Windows key + Left arrow direction key     – left side


    Windows key + Right arrow direction key – right side


    Windows key + Left arrow direction key then Windows key + Up arrow direction key – left upper corner

    Windows key + Left arrow direction key then Windows key + Down arrow direction key – left lower corner

    Windows key + Up arrow direction key – Maximize window
    Windows key + Down arrow direction key – Minimize window

    The most common use case for me is when I want to compare two similar files. For example, sometimes I pull up an erroring work unit log on the left side and a normal, functioning log on the right to compare the two and see where the path diverges. There are also times that I will compare an old backup file to a new modified one to visualize the changes.

  2. Windows key + E – Opens File Explorer
  3. Windows key + M – Minimizes all windows (useful for quickly accessing desktop shortcuts)
    Windows key + Shift + M – Restores all minimized windows
    Windows key + Comma – Temporarily peek at the desktop
  4. Windows key + S – Opens Windows search.
    Simply start typing the program/file name after pressing Windows key + S. Useful for opening programs/files quickly.
  5. Ctrl + Shift + V – Paste as plain text. I use this at least a couple of times a day. This is especially useful when composing emails with copied snippets from other sources.Ctrl + V:


    Ctrl + Shift + V:

Lawson Jobinteg Command Issues

, ,

The Lawson Jobinteg command is powerful for clearing up orphaned jobs that may be causing users issues. This is usually in the form of a job that can’t be deleted or is corrupted and likely caused from patches and or upgrades to the form or job.

Disclaimer: For v10, a patch may also be needed to fully resolve some jobs when running the jobinteg command.  The patch is available for LSF 10.0.6 and 10.0.7 only, as of 8/2015 and may have changed since then.

jobinteg -v

Brings back all bad records and NTIDs tied to them.  This is useful if you need to create a report to analyze which potential jobs are corrupted/bad or get approval to delete them.

jobinteg -t

Brings back summarized report of all bad jobs.

jobinteg -d

Wipes all orphaned/corrupt jobs listed in the summary or full report.  This usually resoles most jobs that receive errors upon inquiry or running them.

Hope this was helpful!