1.5.3 Full User Authentication

Full user authentication via the Web Server involves setting up the CGI-BIN library to require user authentication. This means that all requests to LANSA Web will require the Web Server to authenticate the user. This model uses the Web Server validation and is not LANSA specific.

All users, even casual visitors to your applications, will be required to provide a user profile. This alternative is useful for deploying applications on an Intranet or an Extranet, where you want to control user access to your applications. You will have a defined number of users who are allowed access to your applications.

The Web Server will not permit the user to progress any further unless they provide a valid user profile. If a valid user profile is provided, then LANSA Web is invoked.

LANSA Web checks to determine if the Web Server user profile is a registered LANSA Web user. If the user is known to LANSA Web, the associated Data/Application user profile is used to execute LANSA. This user profile will be used to determine the user's access rights at the Data/Application Server.

If the Web Server user profile is not registered, the user will still be allowed to use LANSA Web, provided that there is an anonymous user registered in LANSA Web. This means that LANSA Web will use the default user profile at the Data/Application Server to determine the user's access rights.

If an anonymous user has not been registered, they will not be allowed to use LANSA Web.

When configuring the directory limits, remember to enable the GET and POST methods.

To configure Full User Authentication on an IBM i Web Server, complete the following steps:

Before You Begin Checklist

Step 1. Create IBM i Validation List & Add Users

Step 2. Define the Scope for Protection

Step 3. Set Security

Step 4. Register User in LANSA for Web

The screen examples used in these steps were created using the IBM HTTP Server (powered by Apache) shipped with V5R2.