Bradley,

I have a project next year to make the IBM i an Identity Federation for our subscribers.
Don’t think there is any open source code for the IBM i ☹

Thanks
John Slanina


On 12/11/18, 9:34 AM, "WEB400 on behalf of B Stone" <web400-bounces@xxxxxxxxxxxx on behalf of bvstone@xxxxxxxxx> wrote:

There may be with all the new OS, but I just rolled my own years ago and
use that.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #18 <https://www.bvstools.com/mailtool.html>: Ability to
use SSL, TLS or OAuth 2.0 authentication. (OAuth 2.0 only available with
Google or Microsoft Office 365).

On Tue, Dec 11, 2018 at 8:19 AM Slanina, John <jslanina@xxxxxxxxxx> wrote:

> Bradley,
>
> Is there built-in support for OAuth on the IBM i, or does option 2 mean
> write it?
>
> Thanks
> John Slanina
>
>
> On 12/11/18, 8:41 AM, "WEB400 on behalf of B Stone" <web400-bounces@xxxxxxxxxxxx on behalf of bvstone@xxxxxxxxx> wrote:
>
> For the RESTful projects I've done for multiple clients to access APIs, I
> have done the following:
>
> 1. Only put explicit paths in my HTTP config pointing to explicit
> programs. A one-to-one. No wildcards.
>
> 2. Implemented an OAuth-type token function. Each time an application is
> called, if the token isn't good, exit immediately (i.e., the header requires
> Authorization: Bearer <token> on each request).
> Example: https://www.fieldexit.com/forum/display?threadid=452
>
> 3. To request/refresh a token, a valid user/pw combo is required. This
> can be done any way you want (a PF, validation list, etc.).
>
> I do this even for small projects. I've had some clients ask why I make
> them request a token, even for one or two endpoints. Well, if experience
> serves, once we get a couple endpoints and see how fruitful it is, they
> will want more. And a way to track and log which endpoints are being
> called, who is calling them (which is done by reverse lookup of the token),
> and how often. 9 times out of ten this happens.
>
> There may be cases where setting up alias matches with wildcards is an
> idea, but in most cases I've dealt with, endpoints are explicit and that
> isn't required.
>
> Just my .02 on this thread.
>
> Bradley V. Stone
> www.bvstools.com
> MAILTOOL Benefit #7 <https://www.bvstools.com/mailtool.html>: The ability
> to completely bypass the IBM SMTP system all together using MAILTOOL Plus
> or other Addons.
>
> On Tue, Dec 11, 2018 at 7:26 AM Slanina, John <jslanina@xxxxxxxxxx> wrote:
>
> > How can you control that it only gets called once? If more than one client
> > is accessing the API you could have up to, by default, 40 jobs running. We
> > have 19 jobs serving the APIs right now.
> > The first program, wsrpgm02, is a router program that looks at the URI and
> > does a DB lookup to find which program to load. It provides a level of
> > security.
> > I hope you are not going to let the client side pick the program. One typo
> > from the client developer and they may run a program you don’t want them
> > to.
> >
> > Thanks
> > John Slanina
> >
> >
> >
> > On 12/11/18, 4:55 AM, "WEB400 on behalf of Rob Dixon" <web400-bounces@xxxxxxxxxxxx on behalf of robertsdixon@xxxxxxxxx> wrote:
> >
> > Many thanks. The wild card is not in my config but has been put there, at
> > the beginning and end of each line, by a mail package when responding to my
> > post. I don't know why.
> >
> > I don't need the SETENV code as the library list is set by my initial
> > program. The other difference is that I have to distinguish between the
> > initial program which calls my CGI program (indirectly) and that CGI
> > program, as, rather obviously, the initial program must only be called
> > once.
> >
> > Rob
> >
> > On Mon, 10 Dec 2018 at 16:33, Slanina, John <jslanina@xxxxxxxxxx> wrote:
> >
> > > Rob,
> > >
> > > Here is our setup; it works fine.
> > > I don’t understand why you have the wildcard * after it.
> > >
> > >
> > > SetEnv QIBM_CGI_CHANGE_CURLIB N
> > > SetEnv QIBM_CGI_LIBRARY_LIST "QTEMP;D1BRCOBJ;D1BRFILESU;D1BRCPGMSU;D1BRFILESN;D1BRCPGMSN;D1GENNEW;D1BRFILES;D1BRCPGMS;D1PENWORK;D1PENFILES;D1NIFILES;D1TRFILES;D1IC08XXCP;D1IC08XXP;D1MW08XXCP;D1MW08XXP;D1NI08XXCP;D1NI08XXP;D1TR08XXCP;D1TR08XXP;D1BRCPGMS1;GPL;QGPL;RDB40;"
> > >
> > > <Directory />
> > >   Order Deny,Allow
> > >   Deny From all
> > > </Directory>
> > >
> > > <Directory /www/brctivod1/htdocs>
> > >   Order Allow,Deny
> > >   Allow From all
> > > </Directory>
> > >
> > > ScriptAlias /webapi /qsys.lib/D1BRCPGMS.lib/wsrpgm02.pgm
> > >
> > > <Directory /qsys.lib/D1BRCPGMS.lib>
> > >   Allow From all
> > >   order allow,deny
> > >   Require valid-user
> > >   DefaultNetCCSID 819
> > >   AuthType Basic
> > >   AuthName ****
> > >   CGIJobCCSID 37
> > >   CGIConvMode EBCDIC
> > >   PasswdFile %%SYSTEM%%
> > > </Directory>
> > >
> > > On 12/10/18, 11:24 AM, "WEB400 on behalf of Buck Calabro" <web400-bounces@xxxxxxxxxxxx on behalf of kc2hiz@xxxxxxxxx> wrote:
> > >
> > > On 12/8/2018 11:48 AM, Rob Dixon wrote:
> > > > The header is correct for the initial display. Having got that screen, I
> > > > then started a service program for the job and set a breakpoint at the
> > > > beginning of the calc specs for my CGI program, which, as I have said, is
> > > > the same program that displayed my first screen. But when I pressed Enter
> > > > to get the second screen, there was no breakpoint. There was nothing in
> > > > CGIDEBUG for the second screen, but the log said
> > > >
> > > > [Sat Dec 08 14:18:19 2018] [error] [client 192.168.2.210] ZSRV_MSG0018: File /QSYS.LIB/E310PRDOBJ.LIB/E31RPP.PGM/081780817443836/ does not exist, referer: http://192.168.2.70/cgi-bin/erros
> > > > [Sat Dec 08 14:18:19 2018] [error] [client 192.168.2.210] ZSRV_MSG0016: URI in request POST /cgi-bin/E31RPP.PGM/081780817443836/ HTTP/1.1 is not valid, referer: http://192.168.2.70/cgi-bin/erros
> > > >
> > > > The relevant config lines seem to be
> > > > * 7* * ScriptAlias /cgi-bin/erros /QSYS.LIB/E310PRDOBJ.LIB/E310H00000.PGM*
> > > > * 8* * Alias "/cgi-bin/" "/QSYS.LIB/E310PRDOBJ.LIB/"*
> > > > * 9* * ScriptAliasMatch ^/cgi-bin/(.*) /$1*
> > > > * 10*
> > > > * 11* * # ScriptAliasMatch ^/cgi-bin/(.*) /qsys.lib/E310PRDOBJ.LIB/$1*
> > > >
> > > > Line 7 executes correctly with the display of the first screen. I have
> > > > tried it with line 11 instead of line 9 and the result is the same.
> > >
> > > What's the URI after the first screen displays? Is it
> > > http://192.168.2.70/cgi-bin/E31RPP.PGM/081780817443836 If so, wouldn't
> > > that assert ScriptAliasMatch and try to fire off program
> > > 081780817443836, which doesn't exist?
> > >
> > > --
> > > --buck
> > >
> > > http://wiki.midrange.com
> > > Your updates make it better!
> > >
> > > --
> > > This is the Web Enabling the IBM i (AS/400 and iSeries)
> (WEB400)
> > > mailing list
> > > To post a message email: WEB400@xxxxxxxxxxxx
> > > To subscribe, unsubscribe, or change list options,
> > > visit: https://lists.midrange.com/mailman/listinfo/web400
> > > or email: WEB400-request@xxxxxxxxxxxx
> > > Before posting, please take a moment to review the archives
> > > at https://archive.midrange.com/web400.
> > >
> >
> > --
> > Rob Dixon
> >
> > www.erros.co.uk
> > www.boarstall.com
>
>
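
Added example, not part of any message in this thread and not code from any of the posters: a Python model of the two controls discussed above, a bearer-token check with reverse lookup before any program is chosen, and a one-to-one route table in place of a wildcard alias. `wildcard_target` models the commented-out line 11 of Rob's config for contrast; the library `APILIB`, the program names and the token values are constructed for illustration.

```python
import hashlib
import re
import time

# Constructed one-to-one route table: each URI names exactly one program.
ROUTES = {
    "/webapi/orders": "/qsys.lib/APILIB.lib/ORDERS.pgm",
    "/webapi/stock": "/qsys.lib/APILIB.lib/STOCK.pgm",
}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed token store: SHA-256 of the token -> (caller, expiry epoch).
TOKENS = {
    _digest("demo-token-alice"): ("alice", time.time() + 3600),
    _digest("demo-token-bob"): ("bob", time.time() - 60),  # already expired
}

CALL_LOG = []  # (caller, uri) tuples: who called which endpoint

def wildcard_target(uri):
    """Model of 'ScriptAliasMatch ^/cgi-bin/(.*) /qsys.lib/E310PRDOBJ.LIB/$1':
    whatever the client sends after /cgi-bin/ becomes the object path."""
    m = re.match(r"^/cgi-bin/(.*)", uri)
    return "/qsys.lib/E310PRDOBJ.LIB/" + m.group(1) if m else None

def caller_for(headers):
    """Reverse lookup of the bearer token; None if missing, unknown or expired."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    caller, expires = TOKENS.get(_digest(token.strip()), (None, 0))
    return caller if caller and expires > time.time() else None

def dispatch(uri, headers):
    """Return (status, program). The token is checked before any routing."""
    caller = caller_for(headers)
    if caller is None:
        return 401, None           # token isn't good: exit immediately
    program = ROUTES.get(uri)      # exact match only, no pattern
    if program is None:
        return 404, None           # a typo in the URI selects nothing
    CALL_LOG.append((caller, uri))
    return 200, program
```
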



