Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
User Experience
Lawson Portal
How to setup Lawson Portal so a SecurId (dynamic) password can be used?
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
608
Members:
0
Total:
608
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
User Experience
Lawson Portal
How to setup Lawson Portal so a SecurId (dynamic) password can be used?
Please
login
to post a reply.
8 Replies
0
Subscribed to this topic
13 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
dpulmano
Basic Member
Posts: 5
2/9/2006 4:25 PM
Due to SOX compliancy we are required to use a SecurId password (password that contains numbers and changes evry minute) when logging in to Portal. But everytime we display a different page it keeps on asking us to enter a password. Any ideas on how to setup Portal so it won't ask for the SecurId password after first login.
This setup is working properly using LID where we only login once using the SecurId password and it does not prompt us to enter it again.
Thanks.
bsc
Posts: 3
2/9/2006 4:53 PM
check out Article ID: 129099 in the knowledge web on support.lawson.com
Follow the steps outlined below to resolve this issue.
Make sure the web server realm for the document root, cgi-lawson, and servlet location are set to the same value.
Set the Lawson web server document root, cgi-lawson, and servlet location Access Control List (ACL) to deny access for Everyone and allow access for the Lawson group. (In order to prevent double/multiple authentication across locations, the realm for each must be set to the same value.)
bsc
Posts: 3
2/9/2006 5:03 PM
what are you using for a webserver?
dpulmano
Basic Member
Posts: 5
2/9/2006 5:14 PM
We're using Tomcat Apache on a Unix server. Thanks.
John Henley
Posts: 3353
2/9/2006 5:21 PM
Did you have Portal set up and working before you implemented SecurID? (i.e. was it double-prompting before)?
In httpd.conf, make sure the AuthName for /cgi-lawson and /servlet are the same...
dpulmano
Basic Member
Posts: 5
2/9/2006 5:24 PM
Yes it worked before using static passwords. Thanks.
Phillip Feller
Basic Member
Posts: 12
2/11/2006 6:39 PM
What type of Apache module are you using to perform the SecurId authentication? It's my impression (and bear in mind that I have no direct experience with this), that repeated authentication is handled by checking a cookie that is valid for a (configurable) length of time.
You obviously can't simply use the standard HTTP basic authentication, because the "Authorization: BASIC" HTTP header will almost always have an outdated base64-encoded password. But the XMLHTTP APIs used by /lawsom/portal/common.js depend on basic authentication. Servlets should be OK, beause they depend on the request webuser, which is kept by Apache.
Alex Tsekhansky
Veteran Member
Posts: 92
2/27/2006 8:02 PM
Hello, Danny!
The question has several part:
1. You need to make sure your components support dynamic authentication. One main example of the software that does NOT support it is Tomcat 3.x. I will not go into the details why. Tomcat 4.1 with Apache 2.0 and java 1.4.2 does support this. Other combinations MAY support this (in fact, pretty much any web server PROBABLY WILL support it; Tomcat 4.0 MAY support it with "transparent" authentication).
2. You need to make sure connector between web server and servlet container supports dynamic authentication. That question is much more difficult. You must make sure you compile mod_jk from scratch (C-source code) if you use apache and tomcat. On Windows situation is more complicated, but I think it will still work even with connector from Tomcat 3.3.1 - though I have not tried it.
3. You need to make sure the actual password typed at first is not resubmitted to the authenticator (as it will be different). This depends on the connector between a web server and a SecurID server (unless it modifies users directly in Active Directory, LDAP - or whatever else you use for authentication).
4. If everything fails, you still have an option for external authentication. I really used external authentication (via mod_auth_external) only on UNIX so far. That way you can "fake" implementation of your own password.
5. The other question you need to decide - whether the actual password known to Lawson will really be the one from SecurID. With external authentication that does not have to be the case
The question may end up being the one of a "session timeout" - when do you decide that the "original" session is gone. This is MUCH more difficult question that I'd rather not discuss unless I have to :-)
If you describe your setup including:
1) version of Env, IOS
2) System setup for LRS and LRE compoenents (OS version, software used)
3) SecurID mechanism currently implemented
I may be able to help.
dpulmano
Basic Member
Posts: 5
2/27/2006 10:54 PM
Alex,
Thank you for your detailed comments. I'll pass this on to our web administrator and post an update when it becomes available.
Please
login
to post a reply.