Configure LBI for ADFS

, ,

When you configure LSF for ADFS, you will need to make some changes to your LBI configuration so that users will be able to access LBI with the userPrincipalName ([email protected]).

The first thing you need to do is ensure that you have a user in Lawson security where RMID = SSOP = UPN (userPrincipalName).  The RM User that is used to search LSF for LBI users must have an account where RMID and SSOP match.  It is recommended that you have a new AD user created for this purpose (such as lbirmadmin).

Add the new user to Lawson, ensuring that their ID and SSOP values both use UPN.  ([email protected])  Also make sure the new user is in the appropriate LBI groups for LBI access.

The next change will take place in the sysconfig.xml file located in <LBI install directory>/FrameworkServices/conf.  The ssoRMUserid should be the UPN of your LBI user mentioned above.  After you make these changes, restart the application server, clear the IOS cache in Lawson, and try logging into LBI.

500 Error in DSP Applications

,

If you update your LSF core technology, and subsequently find that your SSO applications (such as LBI or MSCM) produce a 500 service error, you probably need to update your DSP install on the host server for the SSO application.  Please see our article archive for instructions on how to update and reconfigure DSP.

If you get a “NoClassFoundError”, you may need to add a new class path to your JVM properties in WebSphere.  Figure out which class is missing and add the path to the JVM properties, then restart your application server and check to see if the issue is resolved.

Web Page errors when logging into IFS

, ,

If you see some error messages when you first open IFS (similar to the message below), make sure that all components of the Application Server have been installed.

These are installed in the Server Management area > Add Roles and Features.  The Application Server role is delivered with PowerShell commands that are required for IFS to run.

 

Update DSP for LBI

, ,

If you have installed a new DSP for your LBI server, it is very simple to point LBI to the new DSP install.

First, update the sysconfig.xml file located at <LBI Install Directory>/FrameworkServices/conf.  Look for the old DSP name and update it with the new name.  Then, be sure to change the class paths in WebSphere > Your Application Server > Java and Process Management > Process Definition > Java Virtual Machine.  Also, update the Custom Properties at the same location.

Restart the application server.

 

 

How are Recurring Journal Entries Approved?

, ,

When you journalize a Recurring Journal Entry, it goes through the standard JE approval flow. There is no delivered flow that looks at the Recurring Journal.

If you want the Recurring Journal Entry to be approved once when it is created and not approved each time it is journalized, a Custom IPA will need to be created to do that.

If you want changes on the Recurring Journal Entry to be re-approved when generated, make sure your custom trigger kicks off the IPA every time the Recurring Journal Entry is released.

You may then want to modify your JE approval flow to exclude transactions with the RJ system code since it was already approved – both initially and when it was changed.

Installing DSP for Authentication Against LSF

, ,

You may find the need to install or update DSP for your SSO applications, such as LBI or MSCM.  DSP allows these external web application to authenticate against Lawson for Single Sign-On.

Information you will need:

  • The password for ssoconfig
  • The passkey used to install your current DSP version (if applicable)
  • FQDN’s for your LSF server and the server that hosts the application for which you are installing DSP
  • Credentials for an admin account (usually lawson)

 

First, download the latest DSP jar file from InforXtreme.

It is best practice to back up your ldap instance before you begin the install.

On the server of the SSO application, open a command prompt as administrator.  Navigate to the directory where you saved the DSP install file.

Type command java -jar <DSP file>.jar.  This will open the install wizard.


Enter a new configuration passkey.  NOTE that if you are updating an installed DSP, you will need to know what passkey was used to install it.

 

Give your DSP instance a meaningful name

 

Set the location where you want the install files saved, and set the java location.

 

Mingle DSP install is a different process not addressed in this article.

 

Provide the FQDN of your LSF server.  The standard and secure ports can be found in your LSF install log.  Enter the password that you use to run ssoconfig.

 

Enter account information with administrative privileges in Lawson

 

Enter the appropriate values for the server that hosts your SSO application

 

Click Install

 

Update the JVM custom properties with the new install information (if necessary)

 

Install or update your security application in WebSphere.  The install file lawsec.ear can be found in <DSP install directory/jar/secondary

 

Run a smoke test against the new DSP install at https://<application base url>:<port>/sso/SSOConfig

The Problem of Creating Purchase Orders for Store Local Purchases

, ,

The procurement modules in large ERP systems are great for buying in bulk and keeping stock supplied for your larger purchasing needs.  Usually items are shipped to a receiving dock and are received into the ERP system by the receiving personnel.  This makes doing AP matching viable for these purchases.

What do you do with the items that your local store needs that are not shipped to a warehouse for distribution?  What about when the items are not part of a current contract or even needed on a contract? A store may need light bulbs for their light fixtures, for example, and the local manager has the authority to place an order for them without getting them in his regular warehouse deliveries.  This type of local purchase does not need approval beyond the store manager.  Waiting for a long process to establish a local supplier of light bulbs could leave the store in the dark before the process completes.

You still want these local store purchases to have an approval process that is tracked for audit compliance and a way to know what your commitments are.  How do you deal with these purchases now?  Wouldn’t it be great to have a local purchasing solution that doesn’t require a receiving department and still allows you to know:

Who approved the order

What your total corporate commitments are

Where you purchased something before for when you need to purchase them again

A solution is coming – stay tuned for more information soon!

 

 

 

 

IPA Troubleshooting Series

, ,

Here is a list of known IPA errors and their solutions as provided by Infor.

  1. Email attachment does not existAttachment: Drive:/Path/To/File/filename.ext does not exist.Solution:
    When adding attachments to a IPA email node, you must first ensure the file you wish to attach resides on the Landmark Environment Server.• If the file exists in LASYSDIR/LPS/emailattachments, simply list the file by filename.ext
    • If the file exists in any other Landmark Server Directory, list the file by it’s full absolute directory path
    • If you are using Multi-tenant Cloud, the file needs to be added PfiFileStorage, list the file by its full name in PfiFileStorage 
  2. SSOCfgInfoServlet was not successful Login error: com.lawson.security.authen.httpclient.LawsonHttpClientException: Login: The call to SSOCfgInfoServlet was not successfulImportant to note that any failing path connecting from IPA to LSF server can throw an identical error as stated above. The solution below should only be applied if the following can be seen in WebSphere’s system.out log:REQUIRED SUBSEQUENT ERRORjava.net.UnknownHostException: <server>

    at java.net.InetAddress.getAllbyName0(InetAddress.java:1302)

    Solution: Try adjusting the java.security file to disable caching while troubleshooting the problem on the DNS server. In order to modify this value, open JAVA_HOME/jre/lib/security/java.security and change the networkaddress.cache.ttl line to:

    networkaddress.cache.ttl=0

  3. IPA Designer: Lawson Query Builder Error Generating Process Query String

This error can pop up upon pressing “Build” in IPA Designer LawsonQuery node.

Solution: This silly error may be caused by using a IPA variable (such as <!appProdline>) for your dataarea in the query string. Instead, just remove the variable and type in the dataarea manually instead.

Before: PROD=<!appProdline>&FILE=EMPLOYEE&INDEX=EMPSET1&KEY=<!Company>=<!Employee>&FIELD=ADD-ALLOW-AMT;AUTO-DEPOSIT;BIWEEKLY-RATE;COMPANY;EMPLOYEE&OUT=CSV&DELIM=

After:
PROD=lsapps&FILE=EMPLOYEE&INDEX=EMPSET1&KEY=<!Company>=<!Employee>&FIELD=ADD-ALLOW-AMT;AUTO-DEPOSIT;BIWEEKLY-RATE;COMPANY;EMPLOYEE&OUT=CSV&DELIM=

Best Practice to Load File into IPA

, ,

The Data Iterator node is commonly used to loop through records but it can also read a file into IPA. (For more on the Data Iterator Node, visit: https://www.nogalis.com/2017/05/04/ip-designer-series-the-data-iterator-node/)

Based on the responses of seasoned IPA developers on the Infor/Lawson forums, the best way to ‘load’ in a file to an IPA flow is to use a FileAccess node followed by a DataIterator node. This speeds up the flow considerably as the FileAccess node would read the file into memory and then the DataIterator node can use the data from the memory instead of reading and closing the file multiple times.

First ‘load’ or ‘read’ the file into IPA using the FileAccess node. Then set DataIterator to process the Data (and not File) and set the source to be the FileAccess_outputData. This should noticeably improve the performance of the flow as the data is just being loaded into memory once by the FileAccess.

 

Lawson Error – “Unable to log on RUNUSERKEY Account”

, ,

If you run into this error, it likely means that many of your batch jobs in Lawson are going into recovery. The reason this may have occurred is due to a domain name change or possibly an accidental password reset.

 

To resolve, first login into LSA, then go to Manage Privileged Identities.

Once there, click the Environment named service ie. LSFPROD, LSFTEST or however yours is named. Select the BATCH key and find out what user is assigned under it.

 

This BATCH key may be named differently so check your lajs.cfg file under RUNUSERKEY as shown below in the system folder.

If you know the latest password login to LID with it first to confirm.

 

After confirming, type the password in the password field shown below and remember to click CHANGE after you confirm the password:

Go back to the job scheduler and attempt to recover your jobs.