Webulator/400 requires a user profile and password to sign on to the AS/400. The sign on process can be configured within the session based configuration using one of available methods. Each Webulator URL specified within the session based configuration file allows one of the following methods to be configured:
You may allow the user to specify the initial program, menu or library through
a query string if you enable the AllowSignonOverride
option of the
Signon Method configuration entry. Please refer
to Query String Options for more information
and ramifications of allowing signon values to be overridden using query string keywords.
Webulator/400 contains a service program (WBLVAUTSRV) that checks the password and user profile passed from the browser to ensure that they are valid for your AS/400. This service program adopts QSYS authority to be able to call AS/400 system security APIs. If you choose to change this service program to no longer adopt authority you should do the following in order to keep the same Webulator/400 functionality with regards to the User Authentication signon method:
In normal circumstances this method will not show the sign on screen during session initialization. Please note that a signon screen will appear when a valid user profile and password are used but the user profile is restricted from signing on to a virtual terminal. In this case, the signon screen will appear with an error message explaining that the user profile is not authorized to the workstation. This would occur if you have configured your AS/400 virtual terminal devices to only allow user profiles with limited authority to signon (limit QSECOFR QLMTSECOFR system value is a recommended security consideration). User profiles attempting to signon that have *ALLOBJ or *SERVICE special authorities would be the only users with this problem.
You may allow the user to specify the initial program, menu or library through
a query string if you enable the AllowSignonOverride
option of the
Signon Method configuration entry. Please refer
to Query String Options for more information
and ramifications of allowing signon values to be overridden using query string keywords.
Access to each of the Webulator URLs can be protected using the access control directives within the Session Based Configuration File. However, it is worthy to note that if the access control directives are used in conjunction with the User Authentication sign on method, the user name and password must match a valid AS/400 user profile name and password. Both the access control directives and the Webulator/400 sign on would use the same authentication user ID and password passed on the request from the browser.