Copy the code below and paste it in place of the code in the stylesheet in order to make these changes affect all your pages.

{% color "melody" color="#414042", export_to_template_context=True %} /* change your site's color here */

{% color "harmony" color="#ff5c00", export_to_template_context=True %} /* change your site's secondary color here */

{% set topHeaderColor = "#ff5c00" %} /* This color is solely used on the top bar of the website. */

{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1200px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

OpenLegacy Blog

New Channels, New Concerns? Let’s Talk iSeries (AS/400) Security.

Share this:

You can open your IBM i (AS/400) applications to new channels — without sacrificing security.

So, you finally decided to pull the trigger (or convinced your bosses to) and your digital transformation is underway. Now you’ll be able to open your IBM i applications and deliver the modern digital services your staff and customers are demanding. These demands may include access to data when away from the office, mobile applications to allow customers to use your services directly, or better ways to connect to cloud based partner applications. The promise of “access from anywhere” is like a dream come true!

But, what about security?

The more you think about it, the more you may start to worry that “access
from anywhere” could actually be a nightmare. But it doesn’t have to be.

You just have to think it through during implementation – you may even find that your current processes and procedures are already a solid foundation.

For example, IBM i applications are traditionally secure because they force users to log in for each session. Some companies might have added web services with XML strong typing. The issue is many companies want to complete digital transformation with modern JSON based APIs. If the solution chosen is designed right, you can keep your current login procedure but add some modern security built for the web. Also, if the implementation of the JSON API is Java based, then strong type checking is included.

Security starts with the login and authorization, so managing user registration and identities is critical. A service like Users Account and Authorization (UAA) Server, the identity management service for Cloud Foundry, is an OAuth2 provider that issues tokens for client apps to use when they act on behalf of Cloud Foundry users, to authenticate their credentials.

The open oAuth protocol is a proven winner, purpose-built to allow secure
authorization in a standard method from web, mobile and desktop
applications. UAA is powered by OAuth 2.0, the next evolution of the protocol

What makes OAuth 2.0 such a good fit is that it focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. OpenLegacy REST API projects provide active OAuth 2.0 support out of the box. Registration of clients is possible from the management console or optionally open for public client registration.

Now without getting too technical, UAA’s architecture intercepts requests at the gateway level and separates logic into different microservices. From a security standpoint, the benefit is that each request only pulls a small amount of data that the specific microservice needs. So, in the case of any compromise, the requester doesn’t get access to the whole system – only to the specific data that microservice requests.

The system of record remains your IBM i system, and a UAA service job would then become the central repository for all your microservice authentication needs. So, attacks would have to go through two levels of authentication.

For our clients, the microservice-based OpenLegacy platform offers SSO (Single Sign-On) on the gateway to query the UAA about requests and relays tokens downstream to all other microservices. This is a critical difference from other solutions, in that OpenLegacy calls the client’s system directly from the API. This allows the authentication to go through our clients’ currently-used systems.

In terms of timing, implementation is straightforward, and the service is ready to go right out of the box, so you should see minimal downtime to your existing system. In addition to the ease of use of SSO, there are a number of other benefits you’ll see almost immediately:

  • Safer user authentication with centralized identity management
  • The ability to delegate access to services
  • Simpler user account management
  • Easier token management through client application registration

As you see, you can open your IBM i applications to new channels and keep your systems secure. With just a little bit of foresight and planning, you can rest easy when it comes to “access from anywhere.” OpenLegacy offers a default implementation to manage clients and users and easily plug and play the solution in a microservice or any other location.

Learn more about solving common IBM i challenges in our May 8 webinar, "How to Leverage Your IBM i (AS/400) Applications in New Channels."

Tags: IBM System i / AS/400, IBM i

Share this: