#Authentication

Hey Community,

Tired of entering login-password during the docker build with your InterSystems IRIS every time?

There is a handy way to turn it on and off – use the passwordless zpm module.

Watch this video to explore how to use the passwordless ipm module to turn on and off entering login-password during docker build with your InterSystems IRIS:

⏯️ Passwordless mode for development with InterSystems IRIS

I've been trying for a while now to get OS authentication working on IRIS running on Ubuntu 20.04 and subsequently 22.04. I have the following authentication methods enabled for %Service_Terminal:

• Operating System
• Password
• Operating System Delegated Authorization

And i have these options selected in Authentication/Web Session Options:

Recently i've been using Restforms2 to create a CRUD API for a project. But it lacks some advanced functionality that we need, so we have created a production with a REST WS which handles those advanced methods. That works great but there's a drawback, it does not have authentication.

I would want to use the same authentication method as Restforms2 which is a basic auth using IRIS users and passwords.

Has anyone successfully implemented Multi-factor Authentication for TrakCare?

In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.

When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?

Getting proctect error on csp custom login page.

It says to add role to CSPSYSTEM i have given role to db (rw i would like to change to R once working). It has not solved issue

While the documentation of configuring authentication with Kerberos for IRIS on Linux servers is sparse, for docker i found no docs at all. Assuming I would be able to adapt the requirements from linux to docker (on linux host) I had no success at all. Has anyone successfully done this?

Many password requirements can be enforced using a password validation routine which is available to implement in System Management Portal. But how about this one:

Check that at least 50% of the characters changed from old password to new password.

We need to have access to the old password to check this, currently password validation routine only gets the new password.

I am working on iris-for-money app: https://github.com/oliverwilms/iris-for-money

Account.csp posts a rest call with _SYSTEM username and the password.

xhttp.open("POST", "/restapi/sql/" + query, true,"_SYSTEM","SYS");
xhttp.send();

The error is logged in Riches.REST for this line:

Set tSC = tStatement.%Prepare(pQuery)

Hi! I'm banging my head to the wall with HMAC authentication. I have tried to implement this various ways but nothing seems to work.

If someone could help on this it would be great!

Here is a code that I have tried and working Javascript example, tested on Postman.

I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is default SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response.

In this article I will demonstrate basics of OAuth2 authentication with GitHub account with the help of online demo
https://dappsecurity.demo.community.intersystems.com/csp/user/index.csp by using SuperUser | SYS

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

• Basic Authentication usage - 2
• Bearer/JWT Authentication usage - 3
• OAuth 2.0 usage - 5
• Authorization components usage - 2
• Auditing usage - 2
• Data Encryption usage - 2
• Docker container usage - 2
• ZPM Package deployment - 2
• Online Demo - 2
• Code Quality pass - 1
• Article on Developer Community - 2
• Video on YouTube - 3

See the details below.

Hello,

I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.