Client/Server configuration


Prerequisites: The AS/400 part of Adelia Studio must be installed on the AS/400.


The AS/400 server procedure contains a number of stages, as explained below:


1. On the AS/400, create your users using the CRTUSRPRF IBM command.

    The initial library list (keyword INLLIBL) in their job description (JOBD) must contain:

      • the HA2SLIB library,
      • the library containing the AS/400 server modules generated,
      • the library containing the SQL tables or files used.


2. On the AS/400, start TCP/IP using the STRTCP IBM command.


3. Then, start the Adelia daemon using the STRAWSSVR Adelia command in the HA2SLIB library.
    This command submits a job (AWSDAEMON) which listens for connection requests sent by the Adelia Studio development workstations.
    Command parameters:

      • PORT_NAME: set to "AWS_SERVER" by default; this parameter is used to specify a TCP/IP service name if the PORT_NBR parameter is optional.
      • PORT_NBR: Port 910 is used by default. This parameter can be used to specify a different port.
      • TIMEOUT: Specifies the timeout beyond which any orphan server processes (i.e. processes whose client parts are no longer responding) are terminated. If TIMEOUT is set to 0 or is not specified, the timeout will be disabled. The timeout is set to 0 seconds by default. The minimum value is 60 seconds.


Important: The profile used to start the Adelia daemon must possess the AS/400 authorities *ALLOBJ, *JOBCTL, and possibly the *SECADM authority.

The HA2SLIB library must appear in the initial library list (keyword INLLIBL) in its job description (JOBD).


The daemon can be started up so that connections are encrypted.

The startup parameters are provided via the following STRAWSSVR command options:

      • TLS(*YES/*NO): If *YES, the daemon is started up in TLS mode. In this mode, communications between client and server programs are encrypted.
      • CERT(<certificate_file_name>): name of the file containing the certificate string for TLS encryption. The file must be in PEM format and stored in the IFS. If the parameter is not provided, the daemon will attempt to load the /opt/adelia/adelia-middleware-cert.crt file.
      • KEY(<key_file_name>): name of the file containing the private key corresponding to the server certificate. The file must be in PEM (PRIVATE KEY) format. If the parameter is not provided, the daemon will attempt to load the /opt/adelia/adelia-middleware-key.key file.


By default, a daemon started up in TLS mode does not accept connections from clients of a previous version.

The connection can be authorized by creating a DTAARA called MWINSEC (CHAR(1)) containing the character '1' in the library list.

CRTDTAARA DTAARA(HA2SLIB/MWINSEC) TYPE(*CHAR) LEN(1) VALUE('1')

Warning: in this case, the connection is authorized but is not encrypted for clients of a lower version.


Important note: if the daemon is started up with a server certificate that is self-signed or signed by a private certification authority, the server or authority certificate must be saved in the client workstation trusted certificate store.

See the "Middleware operating in TLS mode" page for more information.


If the AS/400 server is configured to allow Single Sign-On (see "Single Sign-on - Enterprise Identity Mapping (EIM) configuration"), the daemon can be started so that it authorizes Single Sign-On (SSO) via Kerberos.
To do this, you need to specify the authentication parameters in a 256-character DTAARA named "MWAUTH". The DTAARA contains a character string indicating the configuration options separated by commas.


The following options are available:

      • authMode: Authentication mode. Possible values:
          • SYSTEM: User/password authentication. This is the default value.
          • KERBEROS: Single Sign-On (SSO) via Kerberos only.
          • MIXED: Both authentication modes are authorized.
      • eimBindDn: EIM login profile for user authentication. For example: "cn=Administrator". Mandatory parameter if authMode is different from SYSTEM.
      • eimBindPassword: EIM login password. This password can be provided encrypted. Mandatory parameter if authMode is different from SYSTEM.

        Use the Adelia runtime "java EncryptPassword" command to encrypt the password and specify the password in brackets, prefixed by "CRYPT".

        For example:

        C:\> java EncryptPassword cn=Administrator test
        3E73229718EB85D282

        eimBindDn=cn=Administrator,eimBindPassword=CRYPT(3E73229718EB85D282)

      • principal: Kerberos principal used by the daemon. This must be a service-type principal (service/host.domain.com). By default: krbsvr400/host.domain.com


Example:

authMode=MIXED,eimBindDn=cn=Administrator,eimBindPassword=CRYPT(3E73229718EB85D282)


In the absence of the DTAARA, the daemon operates in standard mode (user/password).
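The rules above can be checked on a workstation before the string is written to the MWAUTH DTAARA. The following Python sketch is an added example, not part of Adelia Studio: the function names are hypothetical, and it assumes that option names and authMode values are matched exactly as written on this page and that "java EncryptPassword" output is always hexadecimal, as in the example above.

```python
import re

KNOWN = {"authMode", "eimBindDn", "eimBindPassword", "principal"}
MODES = {"SYSTEM", "KERBEROS", "MIXED"}
MAX_LEN = 256  # size of the MWAUTH data area given on this page


def parse_mwauth(value):
    """Split 'k=v,k=v' on commas, then on the first '=' (values such as cn=... contain '=')."""
    opts, errors = {}, []
    for seg in value.strip().split(","):
        key, sep, val = seg.partition("=")
        key = key.strip()
        if not sep or key not in KNOWN:
            # Also catches a DN containing commas, which this format cannot carry unambiguously.
            errors.append(f"unknown or malformed option: {seg!r}")
        elif key in opts:
            errors.append(f"duplicate option: {key}")
        else:
            opts[key] = val.strip()
    return opts, errors


def check_mwauth(value):
    """Return a list of findings; an empty list means the string passes these checks."""
    if len(value) > MAX_LEN:
        return [f"value is {len(value)} characters, data area holds {MAX_LEN}"]
    opts, findings = parse_mwauth(value)
    mode = opts.get("authMode", "SYSTEM")  # SYSTEM is the documented default
    if mode not in MODES:
        findings.append(f"authMode must be one of {sorted(MODES)}, got {mode!r}")
    elif mode != "SYSTEM":
        for key in ("eimBindDn", "eimBindPassword"):
            if not opts.get(key):
                findings.append(f"{key} is mandatory when authMode is {mode}")
    pw = opts.get("eimBindPassword")
    # Assumption: encrypted passwords always look like CRYPT(<hex digits>).
    if pw and not re.fullmatch(r"CRYPT\([0-9A-Fa-f]+\)", pw):
        findings.append("eimBindPassword is not in CRYPT(<hex>) form (cleartext in the data area)")
    principal = opts.get("principal")
    if principal is not None and not re.fullmatch(r"[^/\s]+/[^/\s]+", principal):
        findings.append(f"principal is not in service/host form: {principal!r}")
    return findings


# The first sample is the example string from this page; the second is constructed.
SAMPLES = [
    "authMode=MIXED,eimBindDn=cn=Administrator,eimBindPassword=CRYPT(3E73229718EB85D282)",
    "authMode=KERBEROS,eimBindDn=cn=Administrator,o=corp,eimBindPassword=test",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_mwauth(s) or "OK")
```
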



The daemon can be stopped using the following command:

ENDTCPCNN PROTOCOL(*TCP) LCLINTNETA(*) LCLPORT(<port number>) RMTINTNETA(*) RMTPORT(*)
