LBI Auditing Part 3a – Overview of Framework Service Admin Audit Reports

, ,

In LBI Auditing Part 2, we went over setting up admin audit reports in LBI. In this article we will go over the Framework Service (FS) portion of reports.

 

FS01.FS Content:

This report may contain a lot of data and can take longer to generate. It displays dashboard, module, and content links. Couple with this type of data, you will be able to see user ownership, security type, shared/view access, create and modified date data.

 

Column Name Description
Dashboard-Module-Links Created content name, shared/not shared.
Item Specify Type of content (Dashboard, Module, Link).
Owner Owner of content
Shared to User or groups that have access, specific sharing rights.
Security Specify Shows whether shared access is public, from a user, or group.
View Access Viewing rights from users or groups (design rights or not).
Modified Date Last logged date the content has been changed/modified.
Creation Date Date in which the content was created.

 

FS02.User/Group Access on FS Content:

This report shows what content a user or group has access to.

Column Name Description
ID The ENPTREEENTRYID where the user belongs to.
User/Group User/Group Name and their access to certain content.
Security Specify Access Type: public, user, or group.
Access Items Content each user has access to.
Item Specify Type of content (Dashboard, Module, Link).
Creation Date Date in which the content was created.

 

FS03.Top Viewed Links in Framework Services:

Links that are captured and logged in the database if the Auditing feature is turned on. (See LBI Auditing Part 1 of how to set this up.)

Column Name Description
Names Names of the FS Links.
Access View User access.
Access Value Access level to a certain user or group (if public at all).
Views Count How many times a link was viewed

 

For more details on these admin audit reports, check out Part 3b “Overview of Reporting Service Admin Audit Reports” and Part 3c “Overview of Service Now Admin Audit Reports” (coming soon).

LBI Auditing Part 2 – Setting up Admin Audit Reports

, ,

In LBI Auditing Part 1, we went over enabling dashboard auditing. This time we will go over how to set up special Admin Audit Reports to view more information about LBI activity via Framework/Reporting Services and Smart Notifications. These reports are for 10.6.0.0 and later but check with Infor if they are supported for older versions.

 

  1. Login to Infor Support Portal and go to the LBI Product Download page.
  2. Download the BI-Samples.zip file and unzip to a temporary location
  3. Locate Infor-LBI-Admin-Reports-SolutionPack.zip
  4. Login into LBI and go to Tools dashboard
  5. Click the Deployment Utility link and a Deployment Utility window will pop-up
  6. Browse for the solution pack mentioned in Step 3, select it and then click Import
    • NOTE: Framework Services content is delivered in a folder called fs; Reporting Services in a folder called rs; Smart Notification in a folder called sn.
    • No tab will be displayed for a service if the solution package does not contain a solution for that service or if the service is not registered/installed.
  7. When the import is completed, a screen is displayed with a tab for each imported package, click on a tab to view the import and additional details.
  8. If the import fails for any reason, try and correct the issue, verify zip file is not corrupt, re-import.
    • NOTE: Remove any applications directories where the import was successful to avoid duplicate content.

 

Make sure to check out Part 3a – “Overview of Framework Service Admin Audit Reports”  (coming soon) to get more insight into these reports.

LBI Auditing Part 1 – Setting up Dashboard Auditing

, ,

You may not be aware that LBI has many different auditing features. Today I’ll be talking about dashboard auditing specifically.

Dashboard auditing in a nutshell allows you to track what dashboard links and content are being accessed by your user base. This can be helpful for reviewing security permissions, getting rid of unused links, as well as optimizing overly used links/reports.

To enable Dashboard auditing you must have Administrator rights in LBI.

  1. Login into LBI and go to the Tools
  2. Select System Settings and go to the Dashboard Audit Section
  3. Select Yes to Allow Dashboard Audit and Save Changes
  4. Stop and restart the server for the changes to take effect.

Framework Services will now automatically capture and log relevant dashboard info to your LBI database table FS_AUDIT.

 

Make sure to check out the second article in this series, LBI Auditing Part 2 – “Setting up Admin Audit Reports”.

Updating Bouncy Castle after Java Update on Landmark Server

, ,

Similar to LSFCT, when Java is updated on the Landmark server, you will need to place the Bouncy Castle provider in the LAW_JAVA_HOME/jre/lib/ext directory.  To get the latest Bouncy Castle release, navigate to https://www.bouncycastle.org/latest_releases.html.  Select the latest release, or the release that corresponds to your version of Java.  Download the signed JAR file.

Stop all the IBM processes and Lawson.  Also, check your task manager for any running java processes.  Kill any java process.  Place the file at LAW_JAVA_HOME/jre/lib/ext.  Start all the services, or reboot the machine.

 

Updating Bouncy Castle After Websphere Fix Pack

, ,

Similar to Lawson System Foundation, when WebSphere is updated in Landmark, the Bouncy Castle provider might also need to be updated.  If this is the case, you will notice an error message similar to the one below in the SSOCfgInfoServlet page.

Also, there will be messages logged in the ssocfginfoservlet.log and security_authen.log.  One of the biggest indicators of a bouncy castle issue is the error “No provider: BC”.

Ssocfginfoservlet.log, security_authen.log

Tue Dec 22 12:10:05.323 CST 2020 – default–1864609923 – L(2) : tid{DEFAULT} lid{13vdos3oj0u2br08s6qstv1pnv}. Error encountered while processing the request. Additional information: {Error decrypting data.

Stack Trace :

com.lawson.security.authen.SecurityAuthenException: Error decrypting data.

                at com.lawson.security.authen.AuthenDat.getSYMKey(AuthenDat.java:4214)

                at com.lawson.security.authen.AuthenDat.getAuthenDatData(AuthenDat.java:828)

                at com.lawson.security.authen.LawsonAuthentication.getAuthenDatStr(LawsonAuthentication.java:1406)

                at com.lawson.security.authen.LawsonAuthenDataManagerLMImpl.getAuthenDataAsString(LawsonAuthenDataManagerLMImpl.java:53)

                at com.lawson.security.authen.SSOCfgInfoServlet.getConfigXML(SSOCfgInfoServlet.java:177)

                at com.lawson.security.authen.SSOCfgInfoServlet.process(SSOCfgInfoServlet.java:643)

                at com.lawson.security.authen.SSOCfgInfoServlet.doGet(SSOCfgInfoServlet.java:163)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)

 

 

To update the Bouncy Castle provider, open a Landmark command window, or open a command line window and set the environment variables.  Navigate to WAS_JAVA_HOME, and run the command

java -jar %LAENVDIR%/java/jar/bcinstall.jar

This will put the correct provider file in your java home location.  Then, bounce the application server or reboot the machine.

Configurations to Enhance IPA Performance

, ,

If you are receiving login failures in IPA work units due to connection timeouts, or connection refused, it is possible that you need to take some steps to improve the performance of your IPA-S3 connections.  To do that, you can update the recommended S3 Connection Pool Settings.

First, open the Landmark Grid and click the “gears” to get to the configuration manager.  Select Applications > (your Landmark application) > Edit Properties.  Type Ctrl+F and search for “S3”.

   

   

 

Open each of the S3 configuration properties, and select the “All” radio button.  Make your changes on the “LPA” node for Any Host.  Set the S3 configuration properties to the following recommended values:

  • UsePooledConnections = True
  • MaxActiveConnections = 10
  • MaxIdleConnections = 2
  • MaxConnectionWaitSec = 30
  • TimeBetweenEvictionRunsSec = 30
  • ValidationTimeSec = 240
  • EnableConnectionValidation = True only set this value if you are on Landmark Technology 10.1.1.58 or higher

Save each change in the dialog window, and then click the main “Save” button at the top of the Properties window.  After you have made these changes, restart the LPA node in the Grid.

Cannot Retrieve User File

, ,

After logging into Lawson, if you see the below error “Cannot retrieve user file.  Bookmark IDs cannot be read”, there is a good chance that the iosconfig.xml file has some invalid values.  The error messages might point you directly to this file.  It can be found at LAWDIR/system.  Make sure that the ioswebrootdir attribute points to the correct location.  This location should be LAWDIR/persistdata.  Make sure there are no extra spaces or directory names in this value.

After updating the value, reboot the server or restart the WebSphere services.