Step 2. Update IBM i Web Server Configuration

Start the *ADMIN instance to use the IBM Web Administration for IBM i to configure your server.

You will then need to create a Web Server alias for this library. By default, LANSA Web assigns the alias as AUTHLIB. Once the AUTHLIB alias is set up, you will then configure your LANSA Communications library, DCXCOMLIB, to require user authentication. This means that the CGI-BIN library does not require user authentication, but when processes require authentication, the request is always redirected to the AUTHLIB URL path for identification.

Create the Web Server alias for authentication.

Using the Web Administration for IBM i, expand the Server Properties menu tree.

1.  Click on the URL Mapping menu item.

2.  From the Alias Tab, click Add.

3.  Select the Script Alias Match.

4.  Set the URL path of the LANSAWEB CGI program to ^/authlib/lansaweb(.*)

5.  Set the Host directory or file to /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1

6.  Repeat steps 1 – 5 for to set the Script Alias Match directive the URL path ^/authlib/lansaxml(.*)for the host file /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1

7.  Press the Apply button.

     Your configuration now contains the added lines:

ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 

ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1

 

Define the location path for authentication.

1.   From Container Management, check you are in the Server area: Global configuration.

2.  Select the Locations tab.

3.  Add a Location type to the /authlib URL path.

4.  Press the Apply button.

Define the scope of protection and set the security.

1.  From Security, ensure Server area is set to Location: /authlib

2.  From the Security menu item, select the Authentication tab.

3.  Choose the Internet users in validation lists.

4.  Type in your authentication name/realm of your choice.

5.  Click Add to specifiy the location of your validation list on the IBM i.

6.  Press the Apply button.

   Your configuration now contains the added lines:

<Location /authlib> 

  PasswdFile QGPL/USERLIST 

  AuthType Basic 

  AuthName "My Auth Realm" 

  Require valid-user 

</Location>

 

Sample IBM HTTP Server (powered by Apache)Configuration:

Following is a sample IBM HTTP Server Instance configured for standard authentication running under V5R3 or later.

This Instance will run on Port 80.

The CGI library is DCXCOMLIB

The Authenticated library is DCXCOMLIB

The Validation List it uses is USERLIST in QGPL.

Once a LANSA Web Process is configured for Process Authentication using the Web Administrator, the following IBM HTTP Server Configuration will prompt the User for User ID and Password. This is validated against the USERLIST Validation List in QGPL.

# LANSA Web Apache HTTP Configuration File 

Alias /images /lansaIMG/ 

ScriptAliasMatch ^/cgi-bin/jsmdirect(.*) /QSYS.LIB/JSMLIB.LIB/JSMDIRECT.PGM$1 

ScriptAliasMatch ^/cgi-bin/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 

ScriptAliasMatch ^/cgi-bin/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 

ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 

ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 

Listen *:80 

DocumentRoot /www/dcxpgmlib/htdocs 

# DirectoryIndex /index.html  

ServerRoot /www/dcxpgmlib 

Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews 

DefaultFsCCSID 37 

DefaultNetCCSID 819 

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 

LogFormat "%{Cookie}n \"%r\" %t" cookie 

LogFormat "%{User-agent}i" agent 

LogFormat "%{Referer}i -> %U" referer 

LogFormat "%h %l %u %t \"%r\" %>s %b" common 

CustomLog logs/access_log combined 

SetEnvIf "User-Agent" "Mozilla/2" nokeepalive 

SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 

SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 

SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0 

SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive 

SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 

SetEnvIf "User-Agent" ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 

ServerUserID DCXPGMLIB 

<Directory /> 

   Order Deny,Allow 

   Deny From all 

</Directory> 

<Directory /QSYS.LIB/JSMLIB.LIB> 

   Order Allow,Deny 

   Allow From all 

</Directory> 

<Directory /QSYS.LIB/DCXCOMLIB.LIB> 

   Order Allow,Deny 

   Allow From all 

</Directory> 

<Directory /lansaIMG> 

   Order Allow,Deny 

   Allow From all 

</Directory> 

<Directory /www/dcxpgmlib/htdocs> 

   Order Allow,Deny 

   Allow From all 

</Directory> 

<Location /authlib> 

  PasswdFile QGPL/USERLIST 

  AuthType Basic 

  AuthName "My Auth Realm" 

  Require valid-user 

</Location>

 

You must enable the GET and POST methods.

Please be sure to review, on the LANSA Web site, www.LANSA.com/support, the Important Notes for IBM HTTP Server Configuration in the Example IBM HTTP Server Configuration in Configuration of IBM HTTP Server using CGI.

Go to Step 3. Execute Administrator to Define Process Authentication.