Authenticated Sessions

Owned by Brian May
Last updated: Aug 16, 2023 by Jessica Tomkins
2 min read



This type of session requires the user to sign in using an IBM i operating system profile. This type of session is appropriate for the typical IBM i application that controls user access and authority through operating system profiles.

When an authenticated session is launched, the user will be presented with a sign on panel. The sign on panel is a rich display file PROFOUNDUI/PUISCREENS that is customizable. The user’s profile name and password are validated by the operating system.

On successful sign on, the user’s initial program is called.

Initial Programs in Authenticated Sessions

Initial programs in for authenticated sessions are registered in database PROFOUNDUI/PUI0001201. It is recommended to use the maintenance dialog in the Profound UI designer to maintain this file but if you are in a production environment and don't have the visual designer, details are available here.

The dialog can be accessed using the Launch->Maintain Initial Programs dialog.

The default initial program applies to all users who do not have initial programs assigned to their user profile in the database. In a lot of cases, customers will configure a single default initial program and have no user-specific initial programs.

However, the default program can be overridden by adding a user-specific record.

In either case, an authenticated session is a single entry point system.

Security for Authenticated Sessions

On successful sign on, the initial program specified will be called. The IBM i application job will run under the authority of the signed in user profile, so IBM i object-based security will function as normal.

It is then the responsibility of the program to ensure that only appropriate access to data or functions is provided.

Launching an Authenticated Session

An authenticated session can be launched using the following URL:

http://YourSystem:8080/profoundui/start

Also, a session can be launched from the Profound UI designer using Launch->Launch Session.

Customizing the Sign-On Panel

The sign on panel is provided by record format SIGNONSCRN in display file PROFOUNDUI/PUISCREENS.

Rich DDS source code is located in PROFOUNDUI/QDDSSRC. There are other panels in this display file that control panels that are displayed when the job ends or when an error occurs.

All panels can be customized by customers.

Customizations that can be made are any that do not affect the record format level of the file.  This means that constant text can be modified, colors can be changed, widgets can be added, etc.

However, no changes to field binding are allowed. This would change the record format level of the panel. Unsupported changes include adding/removing bound fields or changing the data type, length, or order of bound fields.

When customizing these panels, the customer should keep the customized DDS source code in a library separate from the PROFOUNDUI product library, as the Profound UI installer will refresh the PROFOUNDUI/QDDSSRC.PUISCREENS source member on each product update. 

The compiled PUISCREENS display file object must be placed into the PROFOUNDUI product library. The object will never be overwritten when updating the product.