Question
· Mar 17, 2023

Custom %CSP.Login for app /csp/sys

Hi guys, I defined a subclass to %CSP.Login and assigned csp/sys login page to this subclass:


But did not work, I get this error:


And more, the default %CSP.Login continues to be called to login when the user not logged yet
So, how can I do to replace the default %CSP.Login by my subclass?

Product version: IRIS 2022.3
Discussion (8)3
Log in or sign up to continue

Check carefully. Note -- in ^%ISCLOG (with percent) you enable the log. Then you read ^ISCLOG (without percent) in %SYS namespace.
When I repeated steps that I suggested to you, I saw the following error in ^ISCLOG

/* ERROR #5002: ObjectScript error: <PROTECT>^%CSP.Login.1 ^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1 */

Then I enabled auditing of Protect events, reproduced the eror and got more details:

Description:  Attempt to access a protected resource
Timestamp:    2023-03-19 16:01:38.000   Username:     CSPSystem
UTCTimestamp: 2023-03-19 15:01:38.000   Pid:          10896
Event Source: %System                   JobId/JobNum: 131089/17
Event Type:   %Security                 Session ID:   eK95W6SMCS
Event:        Protect                   IPAddress:    127.0.0.1
System ID:    DEP5570AKOBLOV:IRIS2023X1 Executable:   CSPa24.dll
Namespace:    %SYS                      Index:        196
Roles:
User Info:                              O/S User:     CSP Gateway
Routine:      ^%CSP.Login.1 |"^^c:\intersystems\iris2023x1\mgr\irislib\"|
Authentication: Password
Event Data:
<PROTECT>^%CSP.Login.1 *^|^^c:\intersystems\iris2023x1\mgr\|dc.CustomLogin.1

Indeed, user CSPSystem does not have READ permission on irissys database, where custom login class is located. Rather I should have created a new role that has only READ permission on %DB_IRISSYS resource, not RW.

I added role %DB_IRISSYS to user CSPSystem, closed connections from Apache to IRIS, so that the role is added on new connection, then login page began to work

To create a custom CSP login page:

  1. Ensure that the Web Gateway user (CSPSystem) has permissions to read the database for where the custom login page is located. Assign the desired database resource to an appropriate role, and then assign that role to the CSPSystem user.

See:
https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls...

And...this is the demonstration that the feedback button in the documentation pages really does work!
I admit I ran into this problem sometime ago, after realizing the problem I felt the documentation had to mention that "detail"....so I pressed the feedback button and filed the request/advice.

Now that "detail" is the first step in the recipe of creating a custom login page.

Well done InterSystems Documentation team!

Now we only need to encourage people to actually read the documentation wink

Or search the community:
https://community.intersystems.com/post/custom-login-page-iris

Enrico smiley