× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2017

RE: Single sign-on for IBM Navigator for i?

See answers below.

This is not wanting to do SSO using IBM provided tools like I nav or web query or access for the web for 5250. This is a custom inhouse written web site running under apache using some RPG CGI, Some java and some websmart as the development tool set. We current use custom java code to put up a web page asking for username and password, take that response and send an LDAP request to active directory and if AD says its good we "log them on" with a session iD. They are not logged on to the iSeries as an iSeries userprofile.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Hiebert, Chris
Sent: Tuesday, October 17, 2017 10:26 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: Single sign-on for IBM Navigator for i?

Are you using the web I nav? No
Are you using Windows? Yes but not all users use windows
What browser are you using? All of them if you consider all our users. I use Chrome
IE does the Kerberos tickets natively.
I'm not sure about chrome.
In Firefox you may need to modify some about:config settings like:

network.negotiate-auth.trusted-uris .example.com network.auth.use-sspi false network.negotiate-auth.delegation-uris .example.com network.automatic-ntlm-auth.allow-non-fqdn;true
network.automatic-ntlm-auth.trusted-uris;.example.com

If your web I nav isn't using ssl certs you may need to toggle this one:
network.negotiate-auth.allow-insecure-ntlm-v1



Are you using the java navigator iAccess Client?
Then you need to configure the connection to use Kerberos.


Chris Hiebert
Senior Programmer/Analyst
Disclaimer: Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Justin Taylor
Sent: Friday, September 29, 2017 11:29 AM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Single sign-on for IBM Navigator for i?

I see now. You mean the outline headings (Part 1, Part 2, Part 3). Those are about basic EIM setup. I have EIM working fine, and my browser uses EIM to access my Apache servers. When I go to the link for IBM Navigator for i, it still gives me a signon page.

Is there a different URL or something to use EIM?



From: Tim Rowe [mailto:timmr@xxxxxxxxxx]
Sent: Friday, September 29, 2017 12:24 PM
To: Justin Taylor <JUSTIN@xxxxxxxxxxxxx>
Cc: midrange-l@xxxxxxxxxxxx
Subject: RE: Single sign-on for IBM Navigator for i?

scroll down..
[X]

Here are the separate links to the details...
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Preparing%20Windows%20Domain

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Configure%20IBM%20i

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Setup%20Browser

Tim Rowe, timmr@xxxxxxxxxx<mailto:timmr@xxxxxxxxxx>
Business Architect Application Development & Systems Management for IBM i IBM i Development Lab, Rochester, MN
(507) 253-6191 (Tie) 553-6191

http://www-03.ibm.com/systems/power/software/i/are/index.html

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD

________________________________
This email may contain confidential information about a Pennsylvania College of Technology student. It is intended solely for the use of the recipient. This email may contain information that is considered an “educational record” subject to the protections of the Family Educational Rights and Privacy Act Regulations. The regulations may be found at 34 C.F.R. Part 99 for your reference. The recipient may only use or disclose the information in accordance with the requirements of the Federal Educational Rights and Privacy Act Regulations. If you have received this transmission in error, please notify the sender immediately and permanently delete the email.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.