Page 1 of 1
Dual Validation list Authentication: httpd.config
Posted: Thu May 11, 2017 8:43 am
by Tonis
Dear ProfoundUI Team and Community Members,
I have a scenario where I need to validate 2 different applications against 2 different validation lists.
Application 1 is currently running live. (
https://domain:8082/profoundui/auth/start). It runs as an anonymous session. (Set up in PUI0001200).
I want to run application 2 in much the same way, but want to use a different validation list. I have created a copy of the start.html and named it wcs.html for this application. (
https://domain:8082/profoundui/wcs)
Question 1: How can I run this
https://domain:8082/profoundui/wcs also under
https://domain:8082/profoundui/auth/wcs ?
Question 2: What do I need to configure, if anything, within profound (PUI000nnnn files to map the correct IBM Program when the specific URL is passed.
Attached a copy of my httpd.conf file. It's currently a mess, as I've tried various combinations to try to get this to work.
Any help\ideas will be greatly appreciated.
Kind Regards,
ToniS.
Re: Dual Validation list Authentication: httpd.config
Posted: Thu May 11, 2017 11:17 am
by matt.denninghoff
Hi Toni. One thing that needs to change in your httpd.conf file is the line:
needs to be
The server-side programs in Profound UI are hard-coded to look for that environment variable, PUI_VLDL, to decide when to use validation lists.
Unless you are using Virtual Hosts, then that environment variable is set globally for the HTTP server instance (i.e. your port 8082). To use two different validation lists on the same instance of Profound UI, you would need to use Virtual Hosts and place the
SetEnv directive inside the <VirtualHost> section. However, with Virtual Hosts, one would need to run on a different port number than the other. Would that work for you?
Re: Dual Validation list Authentication: httpd.config
Posted: Fri May 12, 2017 4:02 am
by Tonis
Thanx for the feedback Matt.
I'll rather stick with the one Validation list, and not set up virtual hosts. I want to try and keep future admin to the minimum.
Currently it does IBM user profile Authentication. I'll change it over to validation lists in the near future.
I guess I'll have to change the following lines in my .conf file:
Current:
Code: Select all
Alias /profoundui/wcs.html /www/puissl/htdocs/profoundui/userdata/html/wcs.html
ScriptAlias /profoundui/wcs /QSYS.LIB/PUISSL.LIB/PUI0005001.PGM
New:
Code: Select all
Alias /profoundui/wcs.html /www/puissl/htdocs/profoundui/userdata/html/wcs.html
ScriptAlias /profoundui/auth/wcs /QSYS.LIB/PUISSL.LIB/PUI0005001.PGM
I've renamed the standard start.html to wcs.html so I can identify which program I need to call, but I suspect there must be some setup surrounding that as well?
Regards,
Toni
Re: Dual Validation list Authentication: httpd.config
Posted: Fri May 12, 2017 5:14 pm
by matt.denninghoff
The "auth" in the ScriptAlias directive means that the browser asks the user for credentials. When the URL doesn't include "auth", then Genie or the Rich Display Handler will display a signon page. In the default httpd.conf, there are three directives related to that PUI0005001 program:
Code: Select all
Alias /profoundui/start.html /puidev/source/profoundui/userdata/html/start.html
ScriptAlias /profoundui/auth/start /QSYS.LIB/PUIDEV.LIB/PUI0005001.PGM
ScriptAlias /profoundui/start /QSYS.LIB/PUIDEV.LIB/PUI0005001.PGM
Having both "/profoundui/auth/start" and "/profoundui/start" allows people to provide credentials to the server two different ways. If you are using two different HTML files so that the UI looks different, depending on the URL, then yes you would need to add those entries for "wcs". If you want both sign-on options, then you'll need both the "/profoundui/auth/wcs" and "/profoundui/wcs" ScriptAlias directives. Those do not affect Validation Lists.
This article on our doc page should explain the changes necessary for using Validation Lists:
http://www.profoundlogic.com/docs/displ ... ation+List
This may also be helpful, though you aren't replacing start.html:
http://www.profoundlogic.com/docs/displ ... start.html
When you say, "identify which program I need to call", where would this happen--in javascript loaded in your wcs.html?
Re: Dual Validation list Authentication: httpd.config
Posted: Fri May 12, 2017 6:34 pm
by matt.denninghoff
I should correct myself, having "auth" does affect validation lists when using this directive:
Code: Select all
<LocationMatch "^/profoundui/auth/(.*)">
AuthType Basic
AuthName "Profound UI"
Require valid-user
PasswdFile PROFOUNDUI/PUIVLDL
</LocationMatch>
So yes, your change to add "auth" to the ScriptAlias was necessary to make the validation list work for wcs.html.
Re: Dual Validation list Authentication: httpd.config
Posted: Tue May 23, 2017 2:58 am
by Tonis
Hi Matt,
Late Feedback,
I got it to work using only one validation list, running under anonymous.
Maybe of use to my fellow Profounders:
I wanted to display the user's details as well (Ie, username - user description).
Obviously the trusty old RTVUSRPRF Command did not cut the cheese, So I used API 'QsyFindValidationLstEntry' to retrieve the details from the validation list's Description field.
Thanx for all the help,
Regards,
Toni.