Authentication

Syndicate content 12 

Hello everyone :-)

I would like to update Atelier from version 1.0.262 to the 1.3 one. So I clicked on Help --> Check for updates, and I get these first error messages:

"No updates were found in available software sites."

"Some sites could not be found. See the error log for more detail." etc. cf picture below talking about Proxy Authentication.

Last answer 16 September 2019 Last comment 30 September 2019
+ 1   0 4
90

views

+ 1

rating

This article, and following two articles of the series, is intended as a user guide for developers or system administrators, who need to work with OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Last comment 27 September 2019
+ 12   5 6
4584

views

+ 12

rating

Hi,

I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.

The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.

Last answer 19 September 2019
+ 1   0 3
0

comments

45

views

+ 1

rating

Hello, has anyone tried to use Caché as a reverse proxy ?

We are trying to embed a dashboard server (Plotly Dash in this case, but it could be anything which runs on its application server) inside our application which is written in Caché.  
The dashboard/report server runs locally (for example, or inside a LAN) on port 8080, and has no authentication features, so we have to implement them on a different layer, and we'd like to use Caché for it.

Last answer 5 September 2019 Last comment 4 September 2019
+ 1   0 4
117

views

+ 1

rating

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:  

Last answer 3 September 2019 Last comment 2 September 2019
+ 1   1 2
83

views

+ 1

rating

Hello,

I'm new to Iris for Health and I'm trying to get some experience using it.  I've subscribed to the Intersystems Iris for Health software in AWS marketplace.  I successfully spun up the EC2 instance with the default security group.  The try-iris instance is healthy and successfully starts within EC2.  I've also successfully changed the default password too.

 However, I'm unable to authenticate into the management portal.  The portal launches okay though I keep getting an access denied.  I'm also unable to authenticate into a session from the EC2 instance.

 

Last comment 13 June 2019
0   0 1
0

answers

104

views

0

rating

Hi!

I have a qeustion if it possible to let Ensemble manage user rights from AD-user group?

What i want is to let external user have access to certain CPS-pages to read information. But not let them have access to Ensemble it self. And instead to set up individual accounts in Ensemble for each one of them i rather want to have dem in an AD-securitygroup.

Is that possible and also limit them only to choosen CSP-pages?

Last answer 19 February 2019 Last comment 21 February 2019
0   0 4
139

views

0

rating

Hi All,

Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task. 

My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python. 

If any lead, it would be appreciated. 

Thanks,

Arun Kumar Durairaj. 

0   0 1
0

answers

0

comments

149

views

0

rating

Does anyone have any experience with getting, unfortunately, an older version of Cache to authenticate via SMTP to send email? I have verified that the settings are set up properly on the mailbox as I have successfully sent an email from a LAMP server, which comes from the same IP address.

If you have any thoughts, I would greatly appreciate it.

 

This is the error I receive

ERROR #6034: SMTP server connection failed during MAIL FROM command: <READ>zSend+105^%Net.SMTP.1.

Last answer 26 August 2018 Last comment 25 August 2018
0   0 4
1176

views

0

rating

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

Last comment 10 August 2018
+ 8   1 6
2511

views

+ 8

rating

I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is default SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response.

0   0 2
0

answers

0

comments

201

views

0

rating

Hi,

I have a problem with CSP Application Authentication, when the user input you correct password, however the message "Invalid password" returns.

This error returns just Cache password user type, for user delegated don't.

this error is momentary also, if you wait a moment, it stops.

Last comment 20 July 2018
0   0 2
0

answers

244

views

0

rating

Without installing Kerberos has anyone Authenticated a SQL JDBC connection? Currently we are using local SQL Accounts to sign onto External SQL Databases, but we are being told that we need to switch to Service accounts that live on a Active Directory Domain. 

I wrote with a little help a ZAUTHENICATE to do the Authentication for Ensemble, can I use something like that to connect to an External SQL Database using a Service Account on a Active Directory Domain?

Thanks

Scott

Last comment 7 June 2018
0   0 3
0

answers

229

views

0

rating

I need to offer new users on our system a temporary password that is valid for only 48 hours.  This is different than a 60-day password expiration window for existing users' passwords (where a password needs to be changed every 60 days), and is different than a "user expiration date", where you can set a date where the user's account expires and is disabled on that date, and different than the inactivity expiration date where a user becomes active if his account is not used within, say, 30 days.  

Last answer 21 March 2018 Last comment 21 March 2018
0   0 2
226

views

0

rating

I am setting up a new Caché instance and I have managed to configure it where Caché username/password is required to initiate the Caché session:

csdfalsdkfjf@fra23e234sco:/opt/labmed/test/test81/proc$ csession cache1

Node: frxxco, Instance: CACHE1

Username: 

I cannot find the setting in the management console that allows for unauthenticated login to a Caché session.  Any help is much appreciated.

 

 

Last answer 23 January 2018 Last comment 26 February 2018
0   0 5
593

views

0

rating

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP. 

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to.  Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?

Thanks

Scott

Last answer 17 February 2018 Last comment 20 February 2018
0   0 3
290

views

0

rating

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.

Thanks

Scott Roth

Last answer 12 February 2018
0   0 2
0

comments

259

views

0

rating

As many of you, our partners, are more widely using modern UI frameworks to create client front-end, you may have encountered a question, "So how do I secure my data when I just finished developing all new fancy browser based client experience?"

The answer is easy. Use a standard, proven OAuth2 and OpenID!

"OK, but how can I do it? I have never done it before."

No problem, just have a look here, if your client is Angular (not AngularJS) based, there is a demo project available for you to review and get inspired!

Last comment 13 November 2017
+ 6   0 4
817

views

+ 6

rating

Hi guys,

     I have accidentally clicked the remember password option in my Ensemble studio. So it is now not asking for username and password and even the authentication popup is not showing every time i open the studio.

    Is there anyway to remove the remember password option for the cache studio.

 

Thanks,

Last answer 3 November 2017
0   0 1
0

comments

183

views

0

rating

Hi everyone! My company has a Zen ERP application with CSP delegated authentication. Now, we're developing a separated BI application, using Angular, which consumes DeepSee REST API services. Both applications access the same Caché database.

How to implement single sign-on strategy in order to allow an already authenticated ERP user to access DeepSee REST services? Has anyone already implemented something like that?

Thanks in advanced.

Last answer 10 October 2017 Last comment 11 October 2017
0   0 3
334

views

0

rating

Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants).  Is that coming in 2017.2?

In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?

 

Thanks.

Last answer 6 June 2017 Last comment 13 June 2017
0   0 2
410

views

0

rating

It's almost a year since I have published a series of articles explaining how to configure Cache instance as a client / resource server / authorization server. By that time, the implementation of OAuth 2.0 was still a pre-release software.

+ 4   0 5
287

views

+ 4

rating