Custom %CSP.Login for app /csp/sys
Hi guys, I defined a subclass to %CSP.Login and assigned csp/sys login page to this subclass:
But did not work, I get this error:
And more, the default %CSP.Login continues to be called to login when the user not logged yet
So, how can I do to replace the default %CSP.Login by my subclass?
Comments
Does it work if you call your class with full reference? I mean not for Login?
NOT found is suspicious somehow
The value into Login Page field is right, the problem was CSPSystem permission
Yuri, enable ISCLOG, reproduce the error, disable ISCLOG and then check if it has any errors, e.g. <PROTECT> errors.
%SYS>kill ^%ISCLOG, ^ISCLOG %SYS>set ^%ISCLOG = 3 //reproduce the error %SYS>set ^%ISCLOG = 0 %SYS>zw ^ISCLOG
Afaik, with custom login pages user CSPSystem needs to have READ permissions on a database where custom login page class is located
Nothing, log empty. Very difficult to set up custom login, I've given up, thanks
Check carefully. Note -- in ^%ISCLOG (with percent) you enable the log. Then you read ^ISCLOG (without percent) in %SYS namespace. When I repeated steps that I suggested to you, I saw the following error in ^ISCLOG
/* ERROR #5002: ObjectScript error: <PROTECT>^%CSP.Login.1 ^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1 */
Then I enabled auditing of Protect events, reproduced the eror and got more details:
Description: Attempt to access a protected resource
Timestamp: 2023-03-19 16:01:38.000 Username: CSPSystem
UTCTimestamp: 2023-03-19 15:01:38.000 Pid: 10896
Event Source: %System JobId/JobNum: 131089/17
Event Type: %Security Session ID: eK95W6SMCS
Event: Protect IPAddress: 127.0.0.1
System ID: DEP5570AKOBLOV:IRIS2023X1 Executable: CSPa24.dll
Namespace: %SYS Index: 196
Roles:
User Info: O/S User: CSP Gateway
Routine: ^%CSP.Login.1 |"^^c:\intersystems\iris2023x1\mgr\irislib\"|
Authentication: Password
Event Data:
<PROTECT>^%CSP.Login.1 *^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1
Indeed, user CSPSystem does not have READ permission on irissys database, where custom login class is located. Rather I should have created a new role that has only READ permission on %DB_IRISSYS resource, not RW.
I added role %DB_IRISSYS to user CSPSystem, closed connections from Apache to IRIS, so that the role is added on new connection, then login page began to work
Worked! Thanks!
To create a custom CSP login page:
- Ensure that the Web Gateway user (CSPSystem) has permissions to read the database for where the custom login page is located. Assign the desired database resource to an appropriate role, and then assign that role to the CSPSystem user.
See:
https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cl…
And...this is the demonstration that the feedback button in the documentation pages really does work!
I admit I ran into this problem sometime ago, after realizing the problem I felt the documentation had to mention that "detail"....so I pressed the feedback button and filed the request/advice.
Now that "detail" is the first step in the recipe of creating a custom login page.
Well done InterSystems Documentation team!
Now we only need to encourage people to actually read the documentation 
Or search the community:
https://community.intersystems.com/post/custom-login-page-iris
Enrico 
I read this documentation and not detail how to fill the Login Page field