Configuring the Application Server on IBM i

To configure Password Reset and Multi Factor Authentication applications in IBMi WebSphere, follow these steps:

1. In your web browser, navigate to http://IBMi-IP:2001/HTTPAdmin where IBMi-IP is the IP address of your IBM i.

2. Sign on with QSECOFR or similar profile with enough special authorities.

3. Click on Create Application Server located in Manage > Application Servers > Common Tasks and Wizards > Create Application Server.

4. Select V8.5. and specify Application Server Name, for example, RazleePRMFA.

5. Enter a User ID to be fixed for this server. This should be a power user with a valid password and *SIGNOFF special authority. In the following screen, it's "victor".

   

    

6. Click on Manage Installed Applications located in Applications and click Install.

   

    

7. In Path to application, click Browse , select /iSecurity/PRWEB/tomcat9-pr.war and click Next.

   

    

8. Change the Application name from tomcat9-pr to pr and the Context root from /tomcat9-pr to /pr. Click Next. Click Finish.

   

    

9. To start the server, click on the Start button on the left top.

   

    

   The following screen shows that the application is now active.

   

    

To check that Password Reset application is working, navigate in your web browser to http://IBMi-IP:10000/pr/, where IBMi-IP is the IP address of your IBM i.

 

To check Multi-Factor Authentication enter the command STRMFA > 81 > 52.

​                         ​ Multi-Factor-Authentication​            ​ iSecurity/MFA​  ​ The following entries are considered locally even in a multi-system setting​     ​ Skip MFA if error in person definition​ ​ N​          ​ Y=Yes, N=No​                 ​ Skip MFA for same User/IP if within  .​ ​    3​       ​ 1-1440 minutes​              ​ Maximum wait time for entry  . . . . .​ ​  3​         ​ 3-15 minutes​ For MFA & AOD​  ​ Maximum TOTP attempts  . . . . . . . .​ ​ 3​          ​ 1-9​                         ​ Maximum number of Emergency tokens . .​ ​ 10​         ​ 0-10​                        ​ Time-based One-time Password (TOTP) can be replaces by Emergency tokens       ​  ​ One Time Password (OTP) length . . . .​ ​  6​         ​ 4, 6, 8 or 10 characters​    ​ Default for allow OTP instead of TOTP.​ ​ N​          ​ Y=Yes, N=No​                 ​ Protect TCP services​    ​ FTPSRV/REXEC.​ ​ Y​  ​ File Server . .​ ​ N​  ​ Y=Yes, N=No​    ​ Used in TCP Enablement ​ ​ FTP Client. .​ ​ Y​  ​ Remote Pgm/Cmd.​ ​ N​                  ​ and in MFA check       ​ ​ TCP Signon. .​ ​ N​  ​ DDM/DRDA  . . .​ ​ N​                                           ​ ODBC  . . . .​ ​ Y​                                       ​ FileServer max time to consider safe .​ ​    3​       ​ 1-1440 minutes​              ​ Web server URL​ E.g http://1.1.1.10:8080/pr ,​ pr​ is the web application name​             ​  http://IBMi-IP:10000/pr                                              ​  ​ No MFA: User​           ​           ​           ​           ​ ​ or Device​ DSP01     ​  ​ Adjustments for MFA usages, including filters, can be set by user program     ​  ​ SMZODTA/MFADJUST. See explanations and example in SMZO/ODSOURCE MFADJUST      ​                                                                                                                                                                    ​ F3=Exit​  ​ F12=Previous​                                                          ​                                                                             ​  ​  ​

Then Enter the command STRMFA > 1 > 1 and enter 8 in the Opt field for the Person.

To create TOTP Secret Key, select 1. Create/Replace TOTP Secret Key and then 4. Display QR code.