"Invalid username or password..." Message

Disclaimer: I think that this could be a bit of a challenge since the authentication process is black boxed. If you did make any changes to the login.js file, you would also be stuck re-applying your changes after any environment patches that touch this file. Also note that anytime deployed WAS files are modified, a browser reset and/or a bounce of the Web Server may be required to take effect on the client workstation.

Having said that, I would look at the login.js file in this folder on the server housing your WebSphere installation: WAS\AppServer\profiles\AppSrv01\installedApps\...\LawsonSecurity.ear\sso.war In this folder, there is a file named login.js. I would modify the login_init() function so that a lookup is performed on the form fields (specifically "_msgTxt") to determine whether that value was set to the "invalid username or password message". It might look something like this:  

var lookFor = /Invalid username or password/gi; // Case-Insensitive RegEx
var msgText = document.getElementById("_msgTxt"); // maybe it is msgDiv instead?
//
if (msgText != null && typeof(msgText) != "undefined")
{
  var msgTextVal = msgText.value; // if it is msgDiv, change to innerText
  var foundIt = lookFor.test(msgTextVal);
  //
  if (foundIt == true)
  {
    var feedBack = "Invalid UserName or Password. " + 
                   "Please note that a password change may take 5 minutes " + 
                   "before it is effective";
    //
    alert(feedBack);
    // Note you could change the text on the webpage too... 
    msgText.value = feedBack; // if it is msgDiv, change to innerText
  }
}

Good luck!

Craig

Snooping around, it seems to be a hard-coded return value from sso/SSOServlet

You can rig one of the onload functions such as getVersionInfo() in version.js (or maybe login_init in login.js) to work around this (there are other methods, I'm sure) with a hack such as:


function getVersionInfo()
{
if (document.getElementById("msgDiv").innerHTML.replace(/^\s\s*/, '').replace(/\s\s*$/, '') == "Invalid username or password. Please try again.")
{
document.getElementById("msgDiv").innerHTML = "This is a different message < br > This is a second line";
}

// continue on with the rest of the function

P.S. the .js files are, at least for me on websphere/lawson 9.x, located deep in the heart of websphere at WAS_HOME/AppServer/profiles/AppSrv01/installedApps/cell/app-LawsonSecurity.ear/sso.war/ - needless to say, when you upgrade/redeploy ears, you will have to reapply such a hack again

Welp, ya beat me to it Craig!  (It is, indeed msgDiv - I tested my hack to work on one of my test environments)

No prob! I think it's good to have someone issue the same disclaimer and similar code. We have a customization to our login screen and it is a bit of a nuisance to have to reapply it periodically. It applies business rules to restrict logins originating on the DMZ webserver to ESS users (MSS and "Normal" Portal are intranet access only).

Thanks, guys!  I'll let you know how it turns out.

I put the change at the end of the login_init() function, but I did not receive the alert message.

So I restarted the app server, cleared IOS cache, and deleted browser history...still no joy.

Do I need to repackage and redeploy the .ear file?...or is just changing the login.js file sufficient?  Is there something else I'm forgetting?  TIA.