Hello,
After applying CU23 Landmark technology I receive the error below when I log in a second time to EMSS. I log in once, log out and then log in again and I receive the error. If I wait awhile I can log in again. The error is:
Error: It is a invalid request. Please contact your system administrator for further details.
In my security_authen.log file I am seeing the error below:
Source address = 172.17.48.170 Requested URL = https://lawson-lsatest.hmc.hurleymc.com/sso/SSOServlet Request query string =_action=MIGRATESESSION&LA_SESSION_ID=1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX&ACTOR=lawson&SSO_USERNAME=lawson&LOGIN_IDENTKEY=User:lawson&LOGIN_SERVICE=LTMTEST.HCMAPP.MANAGERSELFSERVICE&SSO_DOMAIN=DefaultSSODomain&_serviceName=LTMTEST.HCMAPP.MANAGERSELFSERVICE&LANGUAGE=null&LOCALE=en_US&CALENDAR_TYPE=null&_ssoClientType=&_ssoTenant=DEFAULT&NotBefore=1434391291942&NotOnOrAfter=1434391351942&_ssoOrigUrl=https%3A%2F%2Flawson-lsatest.hmc.hurleymc.com%3A443%2Fltmtest%2FManagerSelfService%2Fhtml%2FManagerSelfService%3Fcsk.HROrganization%3D1000&_TKM=-796428683&_ssovaltoken=joik6%2Fq9jDpsO28yTCcoeGAFZIM%3D Cache-Control: no-cache Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gzip, deflate Accept-Language: en-US Cookie: JSESSIONID=0000Dc1UgKka8SZdGvAOnMd2Y3W:-1 Host: lawson-lsatest.hmc.hurleymc.com Referer: https://lawson-appwebt.hm...iGE4t4lLyByw4WIY8%3D User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) $WSIS: true $WSSC: https $WSPR: HTTP/1.1 $WSRA: 172.17.48.170 $WSRH: 172.17.48.170 $WSSN: lawson-lsatest.hmc.hurleymc.com $WSSP: 443 Surrogate-Capability: WS-ESI="ESI/1.0+" _WS_HAPRT_WLMVERSION: -1 Parameter Map = {LOGIN_SERVICE=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],_ssovaltoken=[joik6/q9jDpsO28yTCcoeGAFZIM=],_action=[MIGRATESESSION],_ssoOrigUrl=[https://lawson-lsatest.hmc.hurleymc.com:443/ltmtest/ManagerSelfService/html/ManagerSelfService?csk.HROrganization=1000],LOCALE=[en_US],SSO_DOMAIN=[DefaultSSODomain],LANGUAGE=[null],_ssoClientType=[],SSO_USERNAME=[lawson],NotBefore=[1434391291942],_ssoTenant=[DEFAULT],NotOnOrAfter=[1434391351942],_TKM=[-796428683],LA_SESSION_ID=[1oEi3x!2Bda2TYTuricqmjqLkQomu0JnPneKqF05e0!2FRrf!2BonGQ8Ei!2BAAAAU34YigX],LOGIN_IDENTKEY=[User:lawson],CALENDAR_TYPE=[null],ACTOR=[lawson],_serviceName=[LTMTEST.HCMAPP.MANAGERSELFSERVICE],} Mon Jun 15 14:01:29 EDT 2015 - 1409085610: Error: It is a invalid request Stack Trace : com.lawson.security.interfaces.GeneralLawsonSecurityException: It is a invalid request at com.lawson.security.authen.SSOServiceInteractor.createLocalMigratedSession(SSOServiceInteractor.java:5500) at com.lawson.security.authen.SSOServiceInteractor.processMigrateSessionAction(SSOServiceInteractor.java:2699) at com.lawson.security.authen.SSOServiceInteractor._processRequest(SSOServiceInteractor.java:219) at com.lawson.security.authen.SSOServiceInteractor.processRequest(SSOServiceInteractor.java:161) at com.lawson.security.authen.SSOServlet.process(SSOServlet.java:517) at com.lawson.security.authen.SSOServlet.doGet(SSOServlet.java:226) at javax.servlet.http.HttpServlet.service(HttpServlet.java:575) at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java:307) at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java:562) at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java:255) at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java:259) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1230) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:779) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478) at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1071) at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:914) at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662) at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200) at com.ibm.ws.ard.channel.ARDChannelConnLink.handleDiscrimination(ARDChannelConnLink.java:218) at com.ibm.ws.ard.channel.ARDChannelConnLink.ready(ARDChannelConnLink.java:123) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312) at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88) at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1864) .
JT-739564 - Security program was designed to not allow one user to re-login if the SSO session is available for web based program. If a user logs in from rich client (Java application), the security program uses xfer_token to satisfy SSO when launching web app (LMS). DSP loads the canvas from browser and login. So security does not allow the same user re-login if this user did not logout. In order to satisfy DSP requirement, the security program has been modified to allow the user re-login even SSO session is still available when LMS was launched from rich client.