Tom Bruce · Feb 24, 2022

Mutual Authentication

Can an IRIS RESTful api implement mutual authentication?

If so, can you point me to the documentation.


Product version: IRIS 2021.1
0 193
Discussion (1)2
Log in or sign up to continue

Hi Tom. The REST API definition itself within IRIS is not where TLS is negotiated and terminated (and hence not where mTLS is defined) between client and server.

Requiring https over http, and, insisting on mutual authentication is defined in a Web Server layer which then in turn, communicates with IRIS on a seperate port and protocol.

You need to first install a supported web server, and then add the IRIS Web Gateway (see docs) to it. Prove that regular http request of the API work.

Then, on the web server, enforce HTTPS and mutual authentication.  See your chosen web server's documentation for how to do this. (InterSystems does not provide this of course). IIS, Apache and NGINX are supported.

Once that's done, clients can only access the IRIS Rest API over https, which is negotiated/terminated against the web server, which can also insisted on client authentication (mTLS).

Hopefully this post sets you on the right path.