TLS, the successor to SSL, stands for Transport Layer Security and provides security (i.e. encryption and authentication) over a TCP/IP connection. If you have ever noticed the "s" on "https" URLs, you have recognized an HTTP connection "secured" by SSL/TLS. In the past, only login/authorization pages on the web would use TLS, but in today's hostile internet environment, best practice indicates that we should secure all connections with TLS.
I have an API set up in IRIS which is secured using an IRIS authentication service, so there is a bearer token being passed down in the request header.
Does calling the BIND method of %SYS.LDAP, with the username, domain and password of the user that needs to be authenticated- the right way to authenticate him/her ?
Also - am I correct in assuming that something like this is independant to (and I don't need to specify setting for), System Security -> LDAP Options
A colleague gets ERROR #822: Access denied every time he tries to log in via Management portal. It is NOT the case of wrong credentials: I reset his password password to a temporary one so it would prompt him to create a new one upon first login. He did get the prompt, changed his password and his next attempt at logging in displayed the same error.
One of the most common kinds of integration we are asked to do is emailing. One of the most typical email services our customers use is Microsoft’s Office 365. After setting up the right configuration on the Microsoft side, we can email from IRIS with two HTTP requests.
At hackathons that InterSystems participated and I supported, many students were asking how all their teammates could use the same IRIS database that they spun up in a container. I suggested using ngrok to expose their localhost IRIS and realized we don't have documentation on that. Hence, I thought this would be great to let more people knwo about this powerful technique for enhancing collaboration during development and testing.
I need to connect to a SFTP server and I seem to connect and timeout have tested the connection using File-zilla and the connection was successful but the problem is when I try to connect using the FTP in bound adapter service I get the following errors.
ERROR <Ens>ErrOutConnectExpired: FTP Connect timeout period (120) expired for ***************.com:990/******/SSL='********* + ERROR <Ens>ErrFTPConnectFailed: FTP: Failed to connect to server ***************.com:990/******/SSL='********* (msg='Timeout waiting for response',code=529)
Over the past couple of months, I have been working on the SMART on FHIR EHR Launch to test the capabilities of IRIS for Health using two open-source apps from CSIRO: SMART-EHR-Launcher and SMART Forms App. This journey has been incredibly interesting, and I’m truly grateful for the opportunity to work on this task and explore more of IRIS for Health’s potential.
Our client says the call to send email (method (%Net.SMTP).Send) started returning error # 6167 (Authentication expected but failed.) after installing IRIS 2022.1.2; email had worked before. Properties (%Net.Authenticator).UserName and .Password were configured. We can get email to work when we don't set property (%Net.SMTP).authenticator.
I need to read a directory on a remote server which requires a user to be su.
The question is how to correctly read the server response and then to send a su password using IRIS device I/O API (I'm able to read other commands output such as uname, but can't figure out how to switch to su):
I am building a web application that uses JWT for authentication. I would like to pass the token in cookies instead of the Authorization header. Is there a way to intercept the request and check the token from the cookies instead of the header? I tried overriding the OnPreDispatch() method and adding it to my dispatch class, but it seems like it never gets executed, as the response returns "Unauthorized" before reaching it.
JWT (JSON Web Token) is an open standard (RFC 7519) that offers a lightweight, compact, and self-contained method for securely transmitting information between two parties. It is commonly used in web applications for authentication, authorization, and information exchange.
A JWT is typically composed of three parts:
1. JOSE (JSON Object Signing and Encryption) Header 2. Payload 3. Signature
In your Interoperability Production you could always have a Business Operation that is an HTTP client, that uses OAuth 2.0 for authentication, but you had to customize the Operation for this authentication methodology. Since v2024.3, which was lately released, there is a new capability, providing new settings, to handle this more easily.
I want to integrate IRIS with Keycloak OAuth2 provider to use delegated authentication everywhere and to secure everything - sys*/Portal applications, REST services, FHIR server and so on. If an unathenticated user tries to access any IRIS URL - he or she should be redirected to Keycloak. After the user has successfully authenticated, i would like to access his requistes (username, email, roles, scopes) extracted from the JWT token, programmatically. What should be done to achieve that?
I'm trying to call a SOAP web service which is implemented in .NET Classic and requires NTLM authentication. The client class was generated by %SOAP.WSDL.Reader. The problem is that neither NTLM authentication works nor can I handle the exception since VSCode debugger says that all meaningful fields and properties are empty (the same request works fine in Postman):
I finally figured out how to get JWT token using set x = ##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("medbank","openid fhirUser",.prop,.err).
I also found iris-fhir-client app on Open Exchange. I registered Epic sandbox server, but I cannot list resources. I suspect I need to integrate authorization / authentication. How do I do this with irisfhirclient py?
I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.
I am trying to use IRIS for Health as a Facade for an external FHIR Server, where IRIS provides the proper authentication.
The client authenticates using a bearer token obtained from the IRIS OAuth2 server via a jwt client assertion.
The IRIS endpoint, however, returns a 401 as soon as I remove the Unauthenticated access
Is there w way to make this work through configuration?
Recently I got into a situation where a user had some roles, which granted additional roles, and so on.
As I did not understand where a particular permission came from, I wrote this code which gets an initial set of roles and unwraps them recursively, accounting for any repeats.
I am currently part of a team that is developing an application using Microsoft PowerApps as the front end and IRIS as the backend. Effectively that frontend screens, which are house and an Azure serve, call a series of REST interfaces exposed by IRIS from a physical Microsoft server. During the development stage we have not had any security in place but now we need to secure the application using a single sign on. PowerApps relies on Microsoft Entra for its security both LDAP and OAuth. Has anyone in the community connected IRIS to Microsoft Entra?
As a part of the IRIS Python 2024 contest, my colleague Damir and I went with an idea to build a platform called ShelterShare for connecting victims and volunteers for shelter requests .
By update.png)
Open Exchange app