Start the *ADMIN instance to use the IBM Web Administration for IBM i to configure your server.

You will then need to create a Web Server alias for this library. By default, LANSA Web assigns the alias as AUTHLIB. Once the AUTHLIB alias is set up, you will then configure your LANSA Communications library, DCXCOMLIB, to require user authentication. This means that the CGI-BIN library does not require user authentication, but when processes require authentication, the request is always redirected to the AUTHLIB URL path for identification.

Create the Web Server alias for authentication.

Using the Web Administration for IBM i, expand the Server Properties menu tree.

  1. Click on the URL Mapping menu item.
  2. From the Alias Tab, click Add.
  3. Select the Script Alias Match.
  4. Set the URL path of the LANSAWEB CGI program to ^/authlib/lansaweb(.*).
  5. Set the Host directory or file to /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1.
  6. Repeat steps 1 – 5 for to set the Script Alias Match directive the URL path ^/authlib/lansaxml(.*)for the host file /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1.
  7. Press the Apply button.
    Your configuration now contains the added lines:
    ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1
    ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1

Define the location path for authentication.

  1. From Container Management, check you are in the Server area: Global configuration.
  2. Select the Locations tab.
  3. Add a Location type to the /authlib URL path.
  4. Press the Apply button.

Define the scope of protection and set the security.

  1. From Security, ensure Server area is set to Location: /authlib
  2. From the Security menu item, select the Authentication tab.
  3. Choose the Internet users in validation lists.
  4. Type in your authentication name/realm of your choice.
  5. Click Add to specify the location of your validation list on the IBM i.
  6. Press the Apply button.
    Your configuration now contains the added lines:
     <Location /authlib> 
       PasswdFile QGPL/USERLIST 
       AuthType Basic 
       AuthName "My Auth Realm" 
       Require valid-user 
     </Location>

Sample IBM HTTP Server (powered by Apache)Configuration:

Following is a sample IBM HTTP Server Instance configured for standard authentication running under V5R3 or later.

This Instance will run on Port 80.

The CGI library is DCXCOMLIB.

The Authenticated library is DCXCOMLIB.

The Validation List it uses is USERLIST in QGPL.

Once a LANSA Web Process is configured for Process Authentication using the Web Administrator, the following IBM HTTP Server Configuration will prompt the User for User ID and Password. This is validated against the USERLIST Validation List in QGPL.

# LANSA Web Apache HTTP Configuration File 
Alias /images /lansaIMG/ 
ScriptAliasMatch ^/cgi-bin/jsmdirect(.*) /QSYS.LIB/JSMLIB.LIB/JSMDIRECT.PGM$1 
ScriptAliasMatch ^/cgi-bin/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 
ScriptAliasMatch ^/cgi-bin/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 
ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 
ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 
Listen *:80 
DocumentRoot /www/dcxpgmlib/htdocs 
# DirectoryIndex /index.html  
ServerRoot /www/dcxpgmlib 
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews 
DefaultFsCCSID 37 
DefaultNetCCSID 819 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 
LogFormat "%{Cookie}n \"%r\" %t" cookie 
LogFormat "%{User-agent}i" agent 
LogFormat "%{Referer}i -> %U" referer 
LogFormat "%h %l %u %t \"%r\" %>s %b" common 
CustomLog logs/access_log combined 
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive 
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0 
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive 
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 
SetEnvIf "User-Agent" ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 
ServerUserID DCXPGMLIB 
<Directory /> 
   Order Deny,Allow 
   Deny From all 
</Directory> 
<Directory /QSYS.LIB/JSMLIB.LIB> 
   Order Allow,Deny 
   Allow From all 
</Directory> 
<Directory /QSYS.LIB/DCXCOMLIB.LIB> 
   Order Allow,Deny 
   Allow From all 
</Directory> 
<Directory /lansaIMG> 
   Order Allow,Deny 
   Allow From all 
</Directory> 
<Directory /www/dcxpgmlib/htdocs> 
   Order Allow,Deny 
   Allow From all 
</Directory> 
<Location /authlib> 
  PasswdFile QGPL/USERLIST 
  AuthType Basic 
  AuthName "My Auth Realm" 
  Require valid-user 
</Location>

You must enable the GET and POST methods.

Please be sure to review, on the LANSA Web site, www.LANSA.com/support, the Important Notes for IBM HTTP Server Configuration in the Example IBM HTTP Server Configuration in Configuration of IBM HTTP Server using CGI.

Go to Step 3. Execute Administrator to Define Process Authentication.