Passwordless mode for Dev Mode IRIS

Question

Question

Evgeny Shvarov · Feb 19, 2023

#Development Environment #Docker #Security #InterSystems IRIS

Hi folks!

Lately (maybe last 2-3 years) I develop with IRIS exclusively in docker - so iris instance I use for compiling and running IRIS apps is local.

And most every time I enter password for management portal and web-apps. The same password every time. Sounds familiar?

Is there an easy way to have a parameter in docker build for a "dev-mode" that will not ask me a password?

Product version: IRIS 2022.3

Discussion (8)1

Log in or sign up to continue

Robert Cemper · Feb 19, 2023

in iris.script for NSP %SYS add

set par("AutheEnabled")=64
set tSC=##class(Security.Applications).Modify("/csp/sys",.par)

the disadvantage:
You are UnknowUser and might need to add the required Roles as well.

set role="%All"
set tSC=##class(Security.Users).AddRoles("UnknownUser",.role,1)

----------------------
my personal approach is to have a fixed port for SMP
and save my _SYSTEM / SYS in browser with autofill.

1 0

Timo Lindenschmid · Feb 20, 2023

Hi, to create a really password less mode enable delegated authentication and create your own zauthenticate.mac that checks for your rules e.g. originating from local ip addresses etc and then logs your user in.

refer to: Delegated Authentication | Authentication Guide | InterSystems IRIS Data Platform 2022.3

2 0

score 0 · Answer 1 · 2023-02-20T00:25:21-05:00

Evgeny Shvarov · Feb 20, 2023

Thanks, Robert!

Fixed port is OK. but often I have more than one running docker image at the same time.

0 0

score 1 · Answer 2 · 2023-02-19T23:57:41-05:00

InterSystems does not want support for environment variables for password, as it’s expected by the world, and everyone doing it

as a side effect, there is no way to use services feature in GitHub actions, and I suppose such things may exist in other CI’s. But I found that it could be very useful, and at the moment I have to start IRIS in docker manually and reset password

score 1 · Answer 3 · 2023-02-20T00:24:42-05:00

Evgeny Shvarov · Feb 20, 2023

Could you please issue an idea?

1 0

score 0 · Answer 4 · 2023-02-20T00:33:35-05:00

Evgeny Shvarov · Feb 20, 2023

Interesting! Thanks!

0 0

score 0 · Answer 5 · 2023-03-10T15:18:41-05:00

BTW, turned out that @Sergey Mikhailenko has created and published the module that implements exactly this approach with delegated authentication.

So if you want to turn on the passwordless mode in your iris docker image just add the line:

zpm "install passwordless"

I already did it here in a basic IRIS template.

score 0 · Answer 6 · 2023-03-18T03:37:31-04:00

Evgeny Shvarov · Mar 18, 2023

We published a video on how to use it.

0 0