intra-mart Accel Platform 2014 Summer(Honoka) / Release Note

Initial Version 2014-08-01

«  8.2.3. System Management   ::   Contents   ::   8.2.5. Client Browser  »

8.2.4. Authentication Functions

8.2.4.1. URL of the screen intended for display in IFRAME cannot be set in the authentication confirmation screen.

  • URL of the screen intended for display in IFRAME should not be set to the authentication confirmation screen.
    If the URL of the screen intended for display in IFRAME becomes the target screen for authentication confirmation, authentication confirmation screen will be dispalyed inside the IFRAME.
    Normal screen will be displayed if the authentication confirmation is successful. However, if it fails, IFRAME is deleted,
    because error screen occupies the entire Window.
    Therefore, even if the subsequent authentication confirmation is successful, screen will be of no-header theme.

8.2.4.2. Authentication confirmation screen may be displayed before process completion message is displayed.

  • Explanation is given with [Shared Database Setting] as an example.
    Suppose we set the “time when authentication confirmation is again required” to [5 minutes].
    When the process/screen transition as below takes place, and 5 minutes have elapsed from 1 to 4, authentication confirmation is again displayed at 4.
    1. Click [New Registration] on [Shared Database List] screen.
    2. Transition to [Shared Database Registration] screen.
    3. Enter information on [Shared Database Registration] screen, and click [Register].
    4. Transition to [Shared Databse List] screen, and Process Successful dialog is displayed.
    From the user’s viewpoint (= by information displayed on the screen only), process is not completed yet,
    since the process successful screen has not been displayed yet.
    It would be wrong to display the authentication confirmation screen before the process is completed.
    However, since the process failure or information loss would not happen, there would be no operational problem.

8.2.4.3. If you leave the log-in screen with no action for a while, log-in cannot be made.

  • If the session timeout occurs after opening the log-in screen, log-in will always fail.
    Log-in screen saves the secure token to the session, and authetication process checks its validity.
    If session timeout occurs, secure token cannot be found and this phenomenon will be observed.
    Please do either one of the following to circumvent this phenomenon.
    ・Please display the log-in screen again.
    ・For the setting information, please refer to [Setup Guide ]-[In case Auto Log-in Function is used].

8.2.4.4. If password expiration change screen is accessed directly, inappropriate message will be displayed.

  • If the log-in user directly accesses the URL below, password expiration change screen will be displayed.
    • http://<HOST>:<PORT>/<CONTEXT_PATH>/user/password/expire
    If you enter the password and click [Change], password will be changed normally.
    Once this screen is accessed, it will be in the log-out status.
    Although following messages are displayed on the screen, password validity has not actually expired.
    • [Password validity period has expired.]
    • [This is the initial Log-in.] (in case of initial log-in).

8.2.4.5. There are remarks about SSO (SingleSignOn) environment.

  • In case intra-mart Accel Platform is operated in SSO environment,
    log-in operation from the log-in screen of intra-mart Accel Platform is not supported.
    Although log-in screen is displayed, automatic log-in for the user specified by SSO is performed
    regardless of which user logged in from the log-in screen.
    In SSO environment automatic log-in is performed for any URL, and therefore
    there is no need to use the log-in screen.

8.2.4.6. InvalidClassException error may occur when the screen is accessed.

  • If you are operating the war at 2012 Winter or before, and if the session is made permanent by session failover etc., following error will occur when the screen is displayed after updating the war to 2013 Spring version or later.
    java.io.InvalidClassException: jp.co.intra_mart.system.security.certification.sso.SSOContextCachingStrategyAdapterImpl; local class incompatible: stream classdesc serialVersionUID = 539561492263087033, local class serialVersionUID = -6392005577997211593
    This phenomenon could be avoided by recreating the session once by session timeout or log-out.

8.2.4.7. When the tenant auto resolution function utilizing request information is enabled, access may not be possible if the log-in by system administrator fails.

  • When all the conditions below are met, HTTP500 error is generated if the log-in by system administrator fails.

    ・Tenant auto resolution function utilizing request information is enabled.
    ・Tenant ID mandatory check is enabled.
    ・System administrator log-in screen is accessed utilizing the URL where tenant auto resolution is not available.

    If this symptom occurs, the button for returning to the log-in screen will not be displayed.
    If this symptom occurs, please display the log-in screen again.

    If all the conditions below are met and if the log-in by the system administrator fails, transition to the authentication error screen takes place normally. However, the second log-in will fail.
    (If you click [Return to Log-in Screen] and transition to log-in screen, request URL is changed,and therefore HTTP403 error occurs at log-in time.)

    ・Tenant auto resolution function utilizing request information is enabled.
    ・Tenant ID mandatory check is disabled.
    ・Base URL which is set in server-context-config.xml and Base URL which is set in default tenant are different.
    ・System administrator log-in screen is accessed by utilizing Base URL which is set in server-context-config.xml.

    In case this symptom occurs, please display the log-in screen again by utilizing the Base URL which is set in server-context-config.xml.

    For your information, two symptoms stated above will not occur if correct user code and password are entered.

8.2.4.8. In case integrated Windows authentication is used, authentication dialog may be displayed on the system management screen.

  • This symptom is caused, because the browser sends the request to URL other than the system management function (URL other than /system/) by Ajax communication such as imuiListTable.
    If the authentication dialog is displayed, please enter the user and password for the Windows log-in user for the device in use.

8.2.4.9. Some authentication processes are outside the scope of double login pevention function.

  • Authenticatiion processed that utilize the functions below are outside the scope of double login prevention function.
    Therefore, log-in can be made successfully even if the user has logged in already.

    ・Forced Login (Shortcut URL etc.)
    ・IM-SecureSignOn
    ・LDAP Authentication
    ・Web Service
    ・External Software Linkage

8.2.4.10. Double login check may not be performed correctly, if the same user logs in from multiple browsers at the same time.

  • Since the login session information is registered only after the execution of login process, double login check may not catch
    the double login correctly, if the login processes are made from multiple browsers at the same time.

8.2.4.11. Login may fail during Integrated Windows Authentication.

  • Since Windows user code is not uppercase/lowercase sensitive, user code which is returned by Integrated Windows Authentication will have undefined uppercase/lowercase characters.
    intra-mart Accel Platform checks the uppercase/lowercase characters of user code, and therefore login may fail resulting in HTTP 500 error.

«  8.2.3. System Management   ::   Contents   ::   8.2.5. Client Browser  »

Copyright © 2014 NTT DATA INTRAMART CORPORATION