Setting authentication options

Within the Authentication settings in the WebFacing project properties, you can change a number of authentication options for your WebFacing application. You can prompt users to enter a user ID and password when accessing a WebFacing application, change the signon values originally entered using the Sign-on with specified values fields in the Specify CL commands screen, or you can use single signon for your Web application, enabling users to access multiple applications across multiple platforms using a single user ID and password.
Note: If you are changing the ID and password for a project that has already been deployed, generally, you must re-deploy and then restart the application in the WebSphere® Administrative Console. Alternatively, you can search for the IFS location on your i5/OS® system where your WebFacing Web application's web.xml file is installed, and redeploy just the web.xml file from the workbench. This alternative method still requires a restart of the application. However, it can be a convenient method of changing the ID and password if your application is large.
Related concepts
Deployment descriptor

Prompting for user IDs and passwords

If you would like to prompt users to enter an i5/OS user ID and password when accessing a WebFacing application, delete the entries for user ID and password in the Properties dialog for your WebFacing project. This will change the values in the deployment descriptor file web.xml in WebContent > WEB-INF.
  1. From the WebFacing Projects view, right-click your WebFacing project and select Properties. The Properties page appears.
  2. Open the Run Time > Project section of the Properties page.
  3. Click the Authentication tab to view the settings for authentication.
  4. Select the Use i5/OS signon radio button. This will enable you to change the Prompt once for user ID and password and Specify signon values boxes.
  5. Uncheck the Specify signon values box.
  6. If you want the user to be prompted once during the browser session, check the Prompt once for user ID and password box.
  7. Click OK. The web.xml file is updated.

Changing default user IDs and passwords

WebFacing applications can be run under any i5/OS profile that has 5250 access. If initially a user ID and password for the application was entered using the Specify signon values fields in the Specify CL commands screen these can be changed using the Properties page. This will change the values in the deployment descriptor file web.xml.
  1. From the WebFacing Projects view, right-click your WebFacing project and select Properties. The Properties page appears.
  2. Open the Run Time > Project section of the Properties page.
  3. Click the Authentication tab to view the settings for authentication.
  4. Under Use i5/OS signon, change the values in the User ID and Password fields.
  5. Click OK. The web.xml file is updated.

Setting password protection for individual CL commands

You can also set up user level password protection for individual CL commands rather than for an entire project. Changes made for CL commands are also stored in the file web.xml.
  1. From the WebFacing Projects view, expand your WebFacing project and open the CL Commands folder. The folder expands to display the list of CL commands used in your project.
  2. Right-click a CL command and select Properties to open the Run Time > Project section of the Properties page.
  3. Check the Override project settings for this command box. This will enable you to override the general user ID and password settings for the project.
  4. If you want the user to be prompted for their user ID and password, deselect the Specify i5/OS signon values check box. Otherwise, enter the default user ID and password to use for signon.
  5. Click OK. The web.xml file is updated.

Enabling single signon

Single signon enables users to access more than one application and multiple platforms using one user ID and password. If you enable single signon, you must also configure Enterprise Identity Mapping (EIM), Lightweight Directory Access Protocol (LDAP), WAS security, and security for your application. EIM is a mechanism for mapping, or associating, a person or entity to the appropriate user identities in various registries throughout the enterprise. To enable single signon for your WebFacing application:

  1. From the WebFacing Projects view, right-click your WebFacing project and select Properties. The Properties page appears.
  2. Open the Run Time > Project section of the Properties page.
  3. Click the Authentication tab to view the settings for authentication..
  4. Select the Single signon radio button.
  5. Click OK. The web.xml file is updated.
Note: Selecting single signon disables other authentication options on the Authentication settings page.

Feedback