Setup IBM i Webserver User Profile Authentication

October 19, 2023

By NickLitten

IBM i, security

IBM i HTTP Web Server Authentication using an IBM i User Profile and Password

We tend to think of consuming a webservice (“connecting and reading from a webservice”) as something that is open to the public. But what if we want to add an extra level of authentication?

How about we force the connection to send a valid IBM i User Profile and Password?

The IBM HTTP Server for IBM i includes a rich collection of features for secure communication over the internet. IBM i has a wide range of security features and services offering authentication, authorization, integrity, confidentiality, and auditing.

One way to limit access to your data is by using IBM i User Profiles, but it may not be the most secure option. This method is suitable for non-critical environments, but I wouldn’t advise relying solely on it for public networks like the Internet. Basic authentication only Base64-encodes the user profile and password; it does not encrypt them, so hackers can easily decode the value and gain access to your system using actual user profiles and passwords. To ensure maximum protection, I recommend using data encryption with SSL and TLS.

Authentication using IBM i OS user profiles

IBM i OS user profiles can be utilized for authentication. Validating with an IBM i username and password offers the benefit of not needing any extra configuration steps or a separate user database.

To enable *USRPRF Validation on your HTTP server, you just need to edit the Server configuration file:

Change this

<Location />
  Require all granted
</Location>

to this:

<Location />
  ProfileToken On
  AuthType Basic
  AuthName "IBM i User Profile Authentication"
  Require valid-user
  PasswdFile %%SYSTEM%%
  order deny,allow
  Allow from all
</Location>

Restart your HTTP Server

Now your IBM HTTP Server for IBM i allows for secure connections by relying on the system user profiles feature. It validates the USRPRF password and only allows the request in if it is correct. This is set on the HTTP Server, so it affects all the webservices running under that server.
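
A small audit for the configuration above, added here as an example and not part of the original post or of IBM's tooling: it lists each container that uses Basic authentication against %%SYSTEM%% and reports whether that container also requires TLS. It assumes TLS is enforced per container with the SSLRequireSSL directive; SAMPLE_CONF and its /secure container are constructed for the example.

```python
import re

# Constructed sample: the page's block plus a hypothetical TLS-only container.
SAMPLE_CONF = '''
<Location />
  ProfileToken On
  AuthType Basic
  AuthName "IBM i User Profile Authentication"
  Require valid-user
  PasswdFile %%SYSTEM%%
  order deny,allow
  Allow from all
</Location>
<Location /secure>
  SSLRequireSSL
  AuthType Basic
  Require valid-user
  PasswdFile %%SYSTEM%%
</Location>
'''

CONTAINER = re.compile(r'^[ \t]*<(Location|Directory)\s+([^>]+)>(.*?)^[ \t]*</\1>',
                       re.IGNORECASE | re.MULTILINE | re.DOTALL)

def directives(body):
    """Map lower-cased directive name -> arguments, skipping comments."""
    out = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith('#'):
            out[parts[0].lower()] = parts[1] if len(parts) > 1 else ''
    return out

def audit(conf_text):
    """Return (path, finding) for each container doing Basic auth on user profiles."""
    findings = []
    for _kind, path, body in CONTAINER.findall(conf_text):
        d = directives(body)
        if d.get('authtype', '').lower() != 'basic':
            continue
        if d.get('passwdfile', '').upper() != '%%SYSTEM%%':
            continue
        # Assumption: SSLRequireSSL inside the container is what enforces TLS.
        ok = 'sslrequiressl' in d
        findings.append((path.strip(), 'ok' if ok else 'IBM i password sent without required TLS'))
    return findings

if __name__ == '__main__':
    for path, finding in audit(SAMPLE_CONF):
        print(f'{path}: {finding}')
```

The check is per container only: a flagged container may still be protected if the whole server accepts TLS connections only, so treat a finding as a prompt to confirm how TLS is enforced.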

Now, let's go and activate USRPRF authentication on our webservice:

Change this setting from NONE to BASIC:

And that's it!

With IBM HTTP Server for i, establishing a Web presence and utilizing the Web for business has never been easier.
