Auto Resetting of SSOP Password

If you are referring to the users "Windows" password, we use a product called SSRPM that is sold by Tools4Ever. There are many products on the market that provide password reset via challange / response questions. This one was fairly simple to implement, pretty flexible and not too expensive.

Did you integrate the SSRPM with Lawson, or do they have to go somewhere else to reset their password?

We hung the url on the same menu they use to access ESS / MSS. We use a "generic" windows account on the kiosk so they only need to supply their windows credentials to access ESS. On the menu, there is a registration option they use to set up their questions and answers and a reset option they would use if they forgot their password. Having the link "inside" of Lawson wouldn't help much because you wouldn't be able to get to it if you forgot your password and could not log in.

So have you linked the Windows login to the Lawson id and password ? Our user's Lawson id are different to the actual windows login and password so not sure if SSRPM will work?
e.g Windows user id DOMAIN1\User.Name
lawson user id in portal UName
actual id held in LDAP /UName

We only want to change the Single Sign on Password for Id UName

Regards
Saurabh

If all you want to change is the SSOP password--and you are not using ldapbind--you can change the password via 1) ProcessFlow Integrator or 2) an XML using loadusers or ssoconfig.

Hi John
I dont believe we use the ldapbind (the users are allowed to change password when logged into portal).
If we use process flow integrator how will that give control to the end users?? Any tips on how to create this?

With option(2) would we have to create a front end with which we could get some details from the user and then create a xml file in the applicaton server with the details required for password change script which could be scheduled to run every so often.

Regards
Saurabh

Yes, you would need some sort of front-end/process to reset their password on-demand. There are various ways (and arguments on the techniques) of doing it.

Hi, Saurabh!

As you probably noticed, Lawson does not have this feature right now, and the only way is to defign a custom front-end interface.
We have done so for several clients, and tested it on UNIX and Windows. Such interface would implement password reset, admin functions (allow SOME people to reset ANYONE's password), password expiration etc. Note that the way how Lawson processes logins is slightly different between 9.0.0 and 9.0.1, so we really did separate interfaces for those versions.

Thank you.
Alex.

Saurabh,
If you are not bound to AD and are using seperate passwords in SSOP, then commercially available solutions will not be a help since they are talking to AD and are not aware of the Lawson LDAP entries. You will need to go one of the paths that John and Alex suggested. We did not want to buy PF Integrator just for this one purpose so I built a process to create the XML file for the loadusers utility and run this on a daily basis to provision new accounts. Changing passwords would be similar except Loadusers would just update the existing record rather than adding one, createing the file is not bad, but you could have quite a bit of work ahead of you if you want this to be triggered by the end user and provide challange / response feature. Alex - can you elaborate on what is different in the login process between LSF 9.0.0 and 9.0.1?
Thanks,
Joe

Hi, Joe!

The main differences betwen 9.0.0 and 9.0.1 on a web side of things are:

1. in 9.0.0 lawson uses two cookies to track session, and in 9.0.1 - three cookies
2. In 9.0.0 lawson did not verify the browser type (so I did not have to code the browser identification string in my scripts), and in 9.0.1 it does

Thanks.

Alex.

Thanks Alex! Do you know if Portal loads any faster in LSF 9.01? We are on 9.004 and the log in screen takes forever to load for our remote users with low bandwidth connections (IE: 128k). If the IE browser cache gets cleared it can take up 3-4 minutes for the log in screen to load. I have SSOP configured using "HTTPS for login only" for these users since they are on our secure intranet.
Joe

Joe -

The 901 uses similar login screen, so it will not be faster. However, there are techniques to optimize the load. I assume that the problem is between the browser and the web server (since you said that the issue is related to remote user - and I guess not to local users).

First, if they're on the intranet, get rid of the SSL if possible.
SSL is a BIG hog, and will slow down things between the browser and the web server. It will also introduce lots of extra web traffic.

Second, tune keep-alives between your browser and the web server. If you use IHS, I suggest getting Apache tuning guide (if you will not find one, let me know and I will look it up).

Third, make sure you use optimal browser settings. I hate to suggest things unsupported by Lawson officially, but IE8 processes javascript must faster than IE7, and I really recommend it in such cases.

Let's see if any of that helps.

Thanks.

Alex.

Posted By Joe O'Toole on 08/17/2009 11:08 AM
the log in screen takes forever to load for our remote users with low bandwidth connections (IE: 128k).

Is it the page load that is slow, or the authentication?

It's the login page load that is slow before the login is even attempted. We're running IE 6 in our remote store locations and configured for HTTPS for login only since these sites are all on our private network. Unlike full HTTPS, in this setup the bulk of the data is cached and performace is fine once they're in the application. I've tinkered with the "sec_to_load" parameter, but I think this really only adjusts the time before a timeout error is displayed vs. improving performance. We'll probably be upgrading to 9.01 and increasing our bandwidth over the next year so this will not be a problem for us forever.