I should clarify - there is no way directly in basic auth. If you are using basic auth tied to a validation list, you are still out of luck. However, if you are using basic auth tied to IBM i user profiles and passwords, our Advanced Auth running in Out of Band mode can work. It works by disabling all user profiles. This prevents sign on from any interface, including basic auth. Then the users have to FIRST use an out of band process (green screen) to enable their profiles BEFORE going to the web interface. This starts a timer (15 mins - admin changeable) where there account is enabled and can sign in. After the timer expires, the account is disabled again. But this would require the users to remember to do this before the web login and that they also have green screen emulators and access for ports 23 or 992.
------------------------------
Robert Andrews
Executive Security Consultant
Rochester MN
+1-507-253-4205
------------------------------
Original Message:
Sent: Wed November 09, 2022 08:29 AM
From: Michael Geldert
Subject: MFA for HTTP on IBMi
Thanks Robert,
Our application is running on the HTTP server (IBMi) with basic Auth. We are running ProfoundUI to front end our application and that's the standard config. Any idea how we'd be able to implement some sort of MFA?
------------------------------
Michael Geldert
Original Message:
Sent: Sun January 16, 2022 12:22 PM
From: Robert Andrews
Subject: MFA for HTTP on IBMi
The IBM Systems Lab Services Advanced Authentication (MFA) asset allows you to call to call it as a service program. So the question becomes are you running straight up Apache using something like basic auth against an OS user or is there an app server (WAS, Tomcat, Liberty) that would allow you to code in a call to a service program?
You can see more about Advanced Auth (read the manual, watch a video demo) on our website at https://ibm.biz/IBMiSecurity
------------------------------
Robert Andrews
Executive Security Consultant
Rochester MN
+1-507-253-4205
Original Message:
Sent: Thu January 13, 2022 03:32 PM
From: Michael Geldert
Subject: MFA for HTTP on IBMi
Has anyone implemented MFA for thier applications running on IBMi's HTTP server? I'm trying to determine what options I have. Some of the vendors (Helpsystems, Precisley) have MFA solutions but not specifically to work with HTTP.
------------------------------
Michael Geldert
------------------------------