IBM i HTTP Web Server Authentication using an IBM i User Profile and Password
We tend to think of consuming a webservice (“connecting and reading from a webservice”) as something that is open to the public. But what if we want to add an extra level of authentication?
How about we force the connection to send a valid IBM i User Profile and Password?
The IBM HTTP Server for IBM i includes a rich collection of features for secure communication over the internet. IBM i has a wide range of security features and services offering authentication, authorization, integrity, confidentiality, and auditing.
One way to limit access to your data is by using IBM i User Profiles, but it may not be the most secure option. This method is suitable for non-critical environments, but I wouldn’t advise relying solely on it for public networks like the Internet. Basic authentication sends the user profile and password with only simple Base64 encoding, which hackers can easily decode to gain access to your system using actual user profiles and passwords. To ensure maximum protection, I recommend using data encryption with SSL and TLS.
Authentication using IBM i OS user profiles
IBM i OS user profiles can be utilized for authentication. Validating with an IBM i username and password offers the benefit of not needing any extra configuration steps or a separate user database.
To enable *USRPRF Validation on your HTTP server, you just need to edit the Server configuration file:
Change this
<Location />
Require all granted
</Location>
to this:
<Location />
ProfileToken On
AuthType Basic
AuthName "IBM i User Profile Authentication"
Require valid-user
PasswdFile %%SYSTEM%%
order deny,allow
Allow from all
</Location>
Restart your HTTP Server.
Now your IBM HTTP Server for IBM i allows for secure connections by relying on the system user profiles feature. It will validate the USRPRF password and only allow the request in if it is correct. This is set on the HTTP Server, so it will affect all the webservices running under that Server.
Now, let's go and activate USRPRF authentication on our Webservice:
Change this setting from NONE to BASIC:
And that's it!
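What a consumer of the protected webservice now has to send, as an added example that is not code from the original post: it builds the Basic Authorization header, shows that the same header decodes back to the user profile and password with no key, and refuses to attach the credentials unless the URL is HTTPS. The host name, user profile, password and function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization value a client sends for AuthType Basic."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header: str) -> tuple[str, str]:
    """Reverse the header with no key: Base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")  # split on the first ':' only
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def headers_for(url: str, user: str, password: str) -> dict[str, str]:
    """Attach the profile credentials only when the URL is HTTPS."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send a user profile password without TLS")
    return {"Authorization": basic_auth_header(user, password)}


if __name__ == "__main__":
    # Constructed sample values, not real profiles or hosts.
    base = "ibmi.example.com/web/services/demo"
    hdrs = headers_for("https://" + base, "WEBUSER", "Passw0rd:1")
    print(hdrs["Authorization"])
    print(decode_basic_auth(hdrs["Authorization"]))
    try:
        headers_for("http://" + base, "WEBUSER", "Passw0rd:1")
    except ValueError as exc:
        print("blocked:", exc)
```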
With IBM HTTP Server for i, establishing a Web presence and utilizing the Web for business has never been easier.