Profound Logic Forums

is is possible to have some users logging into atrium with their iseries profile and at the same time allow other (external) users to login based on a validation list entries ?

Can this be set up in a single instance or are multiple instances required ?

Yes, this is possible. Although to do it requries some Apache conifguration "know how".

The way that Atrium handles authentication is through Apache.

There are directives provided in the "httpd.conf" for different auth types. By default AS/400 profile authentication is turned on. But, the directives for validation lists are there, commented out.

There are 2 ways of approaching it...

1 way is to have 2 instances of PUI installed. One setup for validation lists, the other for AS/400 profiles.

This can be 2 entirely separate instances with their own libraries, and all. Or, you can have 2 diff web servers pointing to the same product library.

Or...

if you know how to setup virtual hosts in Apache, you can have 1 web server doing both. it can pick between the 2 using an alternate host name or port.

Thanks Brian.

I added the pui directives to my standard (port 80) instance & changed the atrium access in that instance to a validation list. (no changes were made to the standard port 8080 directives)

After adding a new test user name to the validation list (PROFOUNDUI/PUIVLDL) with my own validation list maintenance program program, and adding the same test user name via the port 8080 instance of atrium (using my normal iseries login profile), that new test user was able to login to the port 80 instance of atrium successfully.

So the proof of concept works.

Now what I would like to be able to do is add entries to the atrium user file at the same time as i add them to the validation list - is the information available to do that, or is there an api interface to easily add users ?

I can't add them from the port 80 instance even if I create a validation list entry with my username & password the same as my iseries profile, as that validation list entry doesn't have permission to modify the validation list from within atrium, and I can't add them from the port 8080 instance because even though my profile there has permissions to the validation list, the user editor doesn't have the password field & doesn't add to the validation list because it assumes the users to have iseries profiles.

Are there any other alternative ways to achieve the adding to the validation list at the same time as creating the user in atrium ?

thanks
Tony C

You just need to give user QTMHHTP1 *ALL authority to the validation list object. When you are signed in that way, your own OS user profile is not used and the job runs under this user profile.

The validation list user profiles have nothing to do with OS profiles, so there is nothing special about making one the same as an iSeries user profile. This won't give it any special capabilities -- you'll just have a validation list entry with the same name.

Atrium automatically adds, removes, and changes (when a password is changed) the validation list entries as you work with users in the interface. This is what it was trying to do when you got the error -- apparently QTMHHTP1 was not authorized.

thanks David, all good now