Setup IBM i Webserver User Profile Authentication

  • Home
  • /
  • Blog
  • /
  • Setup IBM i Webserver User Profile Authentication

October 19, 2023

IBM i HTTP Web Server Authentication using an IBM i User Profile and Password

We tend to think of consuming a webservice (“connecting and reading from a webservice”) as something that is open to the public. But what if we want to add an extra level of authentication?

How about we force the connection to send a valid IBM i User Profile and Password?

The IBM HTTP Server for IBM i includes a rich collection of features for a secure communication over the internet. IBM I has a wide range of security features and services offering authentication, authorization, integrity, confidentiality, and auditing.

One way to limit access to your data is by using IBM i User Profiles, but it may not be the most secure option. This method is suitable for non-critical environments, but I wouldn’t advise relying solely on it for public networks like the Internet. Hackers can easily decode the simple Base64 encoding and gain access to your system using actual user profiles and passwords. To ensure maximum protection, recommend using data encryption with SSL and TLS.

Authentication using IBMi OS user profiles

IBM i OS user profiles can be utilized for authentication — Validating with an IBM i Username and password, offers the benefit of not needing any extra configuration steps or a separate user database.

To enable *USRPRF Validation on your HTTP server, you just need to edit the Server configuration file:

edit configuration file

Change this

<Location />
  Require all granted
</Location>

to this:

<Location />
  ProfileToken On
  AuthType Basic
  AuthName "IBM i User Profile Authentication"
  Require valid-user
  PasswdFile %%SYSTEM%%
  order deny,allow
  Allow from all
</Location>

Restart your HTTP Server

Now your IBM HTTP Server for IBMi allows for secure connections by relying on the system user profiles feature. It will validate the USRPRF password and only allow it in if is correct. This is on the HTTP Server, so will affect all the webservices running under that Server.

Now, lets go and activate USRPRF authentication on our Webservice;

Change this setting from NONE to BASIC:

And thats it!

With IBM HTTP Server for i, establishing a Web presence and utilizing the Web for business has never been easier.

Share0
Tweet0
Share0
Author Image
Share0
Tweet0
Share0

NickLitten

IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Shameless Trekkie, Belligerent Nerd, Englishman Abroad and Passionate Eater of Cheese and Biscuits.

Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day.

Enjoy your stay, feel free to comment and remember: If at first you don't succeed then skydiving probably isn't a hobby you should look into.

Nick Litten

related posts:

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe NOW
7-day free trial

Take This Course with ALL ACCESS

Unlock your Learning Potential with instant access to every course and all new courses as they are released.
 [ For Serious Software Developers only ]
get started

Online Learning for IBM i Software Technology Professionals

“The more that you read, the more things you will know. The more that you learn, the more places you’ll go.” – Dr. Seuss

 Show Me The Courses
>