Dual Validation list Authentication: httpd.config

[Tonis]

Dear ProfoundUI Team and Community Members,

I have a scenario where I need to validate 2 different applications against 2 different validation lists.

Application 1 is currently running live. (https://domain:8082/profoundui/auth/start). It runs as an anonymous session. (Set up in PUI0001200).

I want to run application 2 in much the same way, but want to use a different validation list. I have created a copy of the start.html and named it wcs.html for this application. (https://domain:8082/profoundui/wcs)

Question 1: How can I run this https://domain:8082/profoundui/wcs also under https://domain:8082/profoundui/auth/wcs ?
Question 2: What do I need to configure, if anything, within profound (PUI000nnnn files to map the correct IBM Program when the specific URL is passed.

Attached a copy of my httpd.conf file. It's currently a mess, as I've tried various combinations to try to get this to work.

Any help\ideas will be greatly appreciated.

Kind Regards,

ToniS.

[matt.denninghoff]

Hi Toni. One thing that needs to change in your httpd.conf file is the line:

Code: Select all

SetEnv WCS_VLDL PUISSL/WCSVLDL

needs to be

Code: Select all

SetEnv PUI_VLDL PUISSL/WCSVLDL

The server-side programs in Profound UI are hard-coded to look for that environment variable, PUI_VLDL, to decide when to use validation lists.

Unless you are using Virtual Hosts, then that environment variable is set globally for the HTTP server instance (i.e. your port 8082). To use two different validation lists on the same instance of Profound UI, you would need to use Virtual Hosts and place the SetEnv directive inside the <VirtualHost> section. However, with Virtual Hosts, one would need to run on a different port number than the other. Would that work for you?

[Tonis]

Thanx for the feedback Matt.

I'll rather stick with the one Validation list, and not set up virtual hosts. I want to try and keep future admin to the minimum.

Currently it does IBM user profile Authentication. I'll change it over to validation lists in the near future.

I guess I'll have to change the following lines in my .conf file:
Current:

Code: Select all

Alias /profoundui/wcs.html /www/puissl/htdocs/profoundui/userdata/html/wcs.html
ScriptAlias /profoundui/wcs /QSYS.LIB/PUISSL.LIB/PUI0005001.PGM

New:

Code: Select all

Alias /profoundui/wcs.html /www/puissl/htdocs/profoundui/userdata/html/wcs.html
ScriptAlias /profoundui/auth/wcs /QSYS.LIB/PUISSL.LIB/PUI0005001.PGM

I've renamed the standard start.html to wcs.html so I can identify which program I need to call, but I suspect there must be some setup surrounding that as well?

Regards,

Toni

[matt.denninghoff]

The "auth" in the ScriptAlias directive means that the browser asks the user for credentials. When the URL doesn't include "auth", then Genie or the Rich Display Handler will display a signon page. In the default httpd.conf, there are three directives related to that PUI0005001 program:

Code: Select all

Alias /profoundui/start.html /puidev/source/profoundui/userdata/html/start.html
ScriptAlias /profoundui/auth/start /QSYS.LIB/PUIDEV.LIB/PUI0005001.PGM
ScriptAlias /profoundui/start /QSYS.LIB/PUIDEV.LIB/PUI0005001.PGM

Having both "/profoundui/auth/start" and "/profoundui/start" allows people to provide credentials to the server two different ways. If you are using two different HTML files so that the UI looks different, depending on the URL, then yes you would need to add those entries for "wcs". If you want both sign-on options, then you'll need both the "/profoundui/auth/wcs" and "/profoundui/wcs" ScriptAlias directives. Those do not affect Validation Lists.

This article on our doc page should explain the changes necessary for using Validation Lists: http://www.profoundlogic.com/docs/displ ... ation+List

This may also be helpful, though you aren't replacing start.html:
http://www.profoundlogic.com/docs/displ ... start.html

When you say, "identify which program I need to call", where would this happen--in javascript loaded in your wcs.html?

[matt.denninghoff]

I should correct myself, having "auth" does affect validation lists when using this directive:

Code: Select all

<LocationMatch "^/profoundui/auth/(.*)">
    AuthType Basic
    AuthName "Profound UI"
    Require valid-user
    PasswdFile PROFOUNDUI/PUIVLDL
</LocationMatch>

So yes, your change to add "auth" to the ScriptAlias was necessary to make the validation list work for wcs.html.

[Tonis]

Hi Matt,

Late Feedback,

I got it to work using only one validation list, running under anonymous.

Maybe of use to my fellow Profounders:

I wanted to display the user's details as well (Ie, username - user description).
Obviously the trusty old RTVUSRPRF Command did not cut the cheese, So I used API 'QsyFindValidationLstEntry' to retrieve the details from the validation list's Description field.

Thanx for all the help,

Regards,

Toni.