Signon Method


Description

Describes the mechanism used to sign on a user when starting a Webulator/400 session at this URL.

Parameters

Method
Can be one of User, Screen, UseAuthentication or Disabled.

User will cause the system to automatically sign on with a specific user name. This is the most secure way to configure Webulator/400 because you have control over what AS/400 user profiles people are allowed to sign on with. If this is specified, it must be followed by a UserName, which is described below.

Screen will cause people to be presented with an AS/400 signon screen. They may then type in the AS/400 user and password they want to use to sign on. This is less secure because the AS/400 user and password are sent over the TCP/IP network between the browser and the server. It is recommended that this only be used over internal networks unless secured with SSL and Commerce Server/400. If Commerce Server/400 is configured to use SSL for Webulator/400 sessions, all data, including user ids and passwords is encrypted.

UseAuthentication uses authentication information sent from the browser as the AS/400 user and password. This is slightly more secure than Screen because the user and password are sent uuencoded (while uuencoded text is not as obvious as "clear" text, it is not a form of encryption and it is easy to "decode" it). You can also combine this with access control to limit the user IDs and passwords that can be entered for a URL. This changes the meaning of Web Server/400 require entries; any users listed will be expected to be valid user profiles instead of entries in a user file.

Disabled Disables webulator access in the current directory.

UserName
This must be present if User was specified above. It is the AS/400 user that will be signed on. It must have a corresponding entry in the Webulator/400 user file.

AllowSignonOverride
This is only applicable if the method is set to User or UseAuthentication. If set, Webulator/400 will allow signon screen fields to be overridden by URL options.

IgnoreSignonOverride
This is only applicable if the method is set to User or UseAuthentication. If set, Webulator/400 will not allow signon screen fields to be overridden by URL options.

Default if no entry found

If no entry is provided for a directory, the parent directory's value will be inherited. If the root directory has no entry, the default, which is Disabled, will be inherited.

Command To Change This Value


File Syntax

Signon Method UserName

Only one entry may exist in a directory section. If more than one entry is found, the last one will be used.


Also see