After applying CU23 Landmark Technology I receive and error when logging in the second time

 2 Replies
 1 Subscribed to this topic
 32 Subscribed to this forum
Sort:
Author
Messages
JimY
Veteran Member
Posts: 510
Veteran Member

    Hello,

          After applying CU23 Landmark technology I receive the error below when I log in a second time to EMSS.  I log in once, log out and then log in again and I receive the error.  If I wait awhile I can log in again.  The error is:

     Error: It is a invalid request. Please contact your system administrator for further details.

     

    In my security_authen.log file I am seeing the error below:

     
    Source address = 172.17.48.170
    Requested URL = https://lawson-lsatest.hmc.hurleymc.com/sso/SSOServlet
    Request query string =_action=MIGRATESESSION&LA_SESSION_ID=1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX&ACTOR=lawson&SSO_USERNAME=lawson&LOGIN_IDENTKEY=User:lawson&LOGIN_SERVICE=LTMTEST.HCMAPP.MANAGERSELFSERVICE&SSO_DOMAIN=DefaultSSODomain&_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&LANGUAGE=null&LOCALE=en_US&CALENDAR_TYPE=null&_ssoClientType=&_ssoTenant=DEFAULT&NotBefore=1434391291942&NotOnOrAfter=1434391351942&_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&_TKM=-796428683&_ssovaltoken=joik6%2Fq9jDpsO28yTCcoeGAFZIM%3D
    Cache-Control: no-cache
    Accept: text/html, application/xhtml+xml, */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Cookie: JSESSIONID=0000Dc1UgKka8SZdGvAOnMd2Y3W:-1
    Host: lawson-lsatest.hmc.hurleymc.com
    Referer: https://lawson-appwebt.hm...iGE4t4lLyByw4WIY8%3D
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
    $WSIS: true
    $WSSC: https
    $WSPR: HTTP/1.1
    $WSRA: 172.17.48.170
    $WSRH: 172.17.48.170
    $WSSN: lawson-lsatest.hmc.hurleymc.com
    $WSSP: 443
    Surrogate-Capability: WS-ESI="ESI/1.0+"
    _WS_HAPRT_WLMVERSION: -1
    Parameter Map = {LOGIN_SERVICE=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],_ssovaltoken=[joik6/q9jDpsO28yTCcoeGAFZIM=],_action=[MIGRATESESSION],_ssoOrigUrl=[https://lawson-lsatest.hmc.hurleymc.com:443/ltmtest/ManagerSelfService/html/ManagerSelfService?csk.HROrganization=1000],LOCALE=[en_US],SSO_DOMAIN=[DefaultSSODomain],LANGUAGE=[null],_ssoClientType=[],SSO_USERNAME=[lawson],NotBefore=[1434391291942],_ssoTenant=[DEFAULT],NotOnOrAfter=[1434391351942],_TKM=[-796428683],LA_SESSION_ID=[1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX],LOGIN_IDENTKEY=[User:lawson],CALENDAR_TYPE=[null],ACTOR=[lawson],_serviceName=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],}
    Mon Jun 15 14:01:29 EDT 2015 - 1409085610: Error: It is a invalid request
    Stack Trace :
    com.lawson.security.interfaces.GeneralLawsonSecurityException: It is a invalid request
    at com.lawson.security.authen.SSOServiceInteractor.createLocalMigratedSession(SSOServiceInteractor.java:5500)
    at com.lawson.security.authen.SSOServiceInteractor.processMigrateSessionAction(SSOServiceInteractor.java:2699)
    at com.lawson.security.authen.SSOServiceInteractor._processRequest(SSOServiceInteractor.java:219)
    at com.lawson.security.authen.SSOServiceInteractor.processRequest(SSOServiceInteractor.java:161)
    at com.lawson.security.authen.SSOServlet.process(SSOServlet.java:517)
    at com.lawson.security.authen.SSOServlet.doGet(SSOServlet.java:226)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java:307)
    at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java:562)
    at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java:255)
    at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java:259)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1071)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:914)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
    at com.ibm.ws.ard.channel.ARDChannelConnLink.handleDiscrimination(ARDChannelConnLink.java:218)
    at com.ibm.ws.ard.channel.ARDChannelConnLink.ready(ARDChannelConnLink.java:123)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864)
    .

    Peter O
    Veteran Member
    Posts: 69
    Veteran Member
      I wonder if it's a server caching issue - if the server cahces the session token locally, Perhaps you're logging in too quickly before the server has cleared & re-established a valid session?
      Given that you can still log in a little bit later, this makes me wonder if it's related to that. You might want to send it to AMS to see if they can put up a JT to be fixed in Landmark 10.2
      JimY
      Veteran Member
      Posts: 510
      Veteran Member
        That sound valid. I did find the below JT in the Net Change report and wonder if it is related to that. Our DSP version is Infor Security Administrator 2.0, Build Version : 10.1.0.1577.

        
        JT-739564 - Security program was designed to not allow one user to re-login if the SSO session is available for
        web based program. If a user logs in from rich client (Java application), the security program uses xfer_token to
        satisfy SSO when launching web app (LMS). DSP loads the canvas from browser and login. So security does not
        allow the same user re-login if this user did not logout.
        In order to satisfy DSP requirement, the security program has been modified to allow the user re-login even SSO
        session is still available when LMS was launched from rich client.