Sign-in Security for Web Users

The EnterpriseOne security server and the F98OWSEC table authenticate Java/HTML, portal, and interoperability users who sign in to JD Edwards EnterpriseOne across the internet to the JAS security server. The JAS security server acts as an interface between the web user's client workstation and the security server.

When web users sign in, disconnect, or change a password, the HTML server sends the request in a JDENET message to the security server, which, in turn, accesses the F98OWSEC table. The security server then returns the authentication result in a JDENET message to the JAS security server. If the user is authenticated, the security information is cached on the JAS security server.

The JAS security server acts as an intermediary between the Java/HTML, Portal, and Interoperability client and the security server.

This graphic displays a process flow for sign-in security with unified logon (prior to release 9.2.2 only) for web users:

Figure: Sign-in security with unified logon for web users

As the security intermediary, the JAS security server handles these tasks:

  • Connecting to the EnterpriseOne security server for user security authentication and password when a web user signs in.

  • Switching to a secondary EnterpriseOne security server when the primary server is down, provided the correct jas.ini settings are defined.

  • Notifying Java/HTML, Portal, and Interoperability client workstations when a user password has expired.

    If an Interoperability user's password has expired, sign-in fails without notification of the cause.

  • Sending an error message to the user log after the web user has unsuccessfully attempted to sign in to EnterpriseOne x times, where x is the number of sign-in attempts defined in the F98OWSEC table.

  • Allowing Java/HTML and Portal users to change name and password.

  • Encrypting JDENET messages sent between the JAS security server and the EnterpriseOne security server.

  • Keeping a valid user session open until the user signs off or the session expires.

To the web user, sign-in and sign-out function the same as they do to a user on Windows, UNIX, or IBM i platforms.

To set up security for web users through the EnterpriseOne security server, add these parameters to those that already exist in the jas.ini file:

[SECURITY] Parameter in jas.ini File

  • NumServers: Total number of EnterpriseOne security servers that are available to web users signing on to the system. If this parameter is missing, the default value is 1 and the primary security server handles the sign-in.

  • SecurityServer: Name of the primary security server.

  • SecurityServerN: Name of the secondary security server. The value of N is 1 for the first secondary server, 2 for the second, and so on. Assign values to this parameter if you want sign-in to switch to a secondary server if users cannot sign in to the primary server.

  • UserLogonCookie: If the value is TRUE, the user can save sign-on information (username, password, and environment) in an encrypted cookie on the workstation and does not have to type the information in for subsequent sign-ins. If the value is FALSE, the feature is disabled.

  • #CookieLifeTime unit: Unit of time used to measure a cookie's lifetime. For example, the parameter value day means that the cookie's lifetime is measured in days.

  • CookieLifeTime: Amount of time before a cookie expires. The unit of measure is defined by the #CookieLifeTime unit parameter value. If that value is day and the value of the CookieLifeTime parameter is 7, the cookie expires in seven days.

If you define one primary server and two secondary servers, the jas.ini file [SECURITY] settings look like this example:

NumServers=3
SecurityServer=JDED
SecurityServer1=JDEC
SecurityServer2=corowhp2
UserLogonCookie=TRUE
#CookieLifeTime unit is day
CookieLifeTime=7

If you define one or more secondary servers, sign-in fails over to the secondary server if the primary server is down. If both the primary EnterpriseOne security server and a secondary server as defined in the jas.ini file fail, the HTML Server fails the user sign-in.

If you do not define a server number or any secondary servers, the jas.ini [SECURITY] settings look like this example:

[SECURITY]
SecurityServer=JDED
UseLogonCookie=TRUE
#CookieLifeTime unit is day
CookieLifeTime=7
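
The following Python check is an added example, not part of the Oracle documentation or product. It reads a jas.ini [SECURITY] section, returns the sign-in failover order implied by NumServers and the SecurityServerN entries, and reports mismatches and whether the saved sign-on cookie is enabled. The function name, the finding texts and the sample text are constructed for illustration, and the code accepts both UserLogonCookie and UseLogonCookie because both spellings appear on this page.

```python
import configparser
import re

# Constructed sample mirroring the three-server example on this page.
SAMPLE = """\
[SECURITY]
NumServers=3
SecurityServer=JDED
SecurityServer1=JDEC
SecurityServer2=corowhp2
UserLogonCookie=TRUE
#CookieLifeTime unit is day
CookieLifeTime=7
"""

def audit_security_section(ini_text):
    """Return (failover_order, findings) for a jas.ini [SECURITY] section."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True)
    cp.read_string(ini_text)  # option names are lower-cased by configparser
    sec = dict(cp["SECURITY"]) if cp.has_section("SECURITY") else {}
    findings = []

    # Per the page, a missing NumServers means 1 (primary server only).
    try:
        num = int(sec.get("numservers") or 1)
    except ValueError:
        num = 1
        findings.append("NumServers is not an integer")
    order = [sec["securityserver"]] if sec.get("securityserver") else []
    if not order:
        findings.append("SecurityServer (primary) is not set")

    # SecurityServerN: N=1 is the first secondary, N=2 the second, and so on.
    secondary = {int(m.group(1)): v for k, v in sec.items()
                 if (m := re.fullmatch(r"securityserver(\d+)", k)) and v}
    for n in range(1, num):
        if n in secondary:
            order.append(secondary[n])
        else:
            findings.append(f"NumServers={num} but SecurityServer{n} is not set")
    extra = sorted(n for n in secondary if n >= num)
    if extra:
        findings.append(f"NumServers={num} does not cover SecurityServer{extra[0]}")
    # Both spellings of the cookie parameter appear on the page; accept either.
    cookie = sec.get("userlogoncookie") or sec.get("uselogoncookie") or ""
    if cookie.strip().upper() == "TRUE":
        findings.append(f"logon cookie enabled, CookieLifeTime={sec.get('cookielifetime')}")
    return order, findings
```

Run it against the [SECURITY] section of each HTML Server's jas.ini; an empty findings list means the server count matches the defined servers and saved sign-on cookies are off.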