In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.
When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?
I have to create a SOAP WebService that receives the username/password as part of a field in the Request. I have no control of the client's application.
I am trying to secure a rest service but I lack the understanding of how to achieve this if anyone will explain in details how I could achieve the following:
Securing The REST Service with Basic Auth (username and password)
if any one has a sample code on this will appreciate
While the documentation of configuring authentication with Kerberos for IRIS on Linux servers is sparse, for docker i found no docs at all. Assuming I would be able to adapt the requirements from linux to docker (on linux host) I had no success at all. Has anyone successfully done this?
Credentials for a Productions are stored as plain text in ^Ens.SecondaryData.Password and exposed as plain text via SQL table Ens_Config.Credentials which is not ideal as only admins should know the credentials.
I can create my own adapter etc... to store and use encrypted passwords but does anyone know if there is a standard way to do this in a Production?
Alternatively, am I missing how to secure this so the production can run and someone can monitor and operate a production without access to the SQL table or global?
Many password requirements can be enforced using a password validation routine which is available to implement in System Management Portal. But how about this one:
Check that at least 50% of the characters changed from old password to new password.
We need to have access to the old password to check this, currently password validation routine only gets the new password.
Since the ObjectScript plug-ins for VS Code use web services to connect to IRIS, is it possible for a VS Code user to authenticate against IRIS using OAuth?
Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?
I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is default SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response.
I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.
The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).
We are using AWS SSO authentication in our application to validate the users. For validating the users, we are passing the username and password from AWS SSO to our application. We need to validate the user in our application without using the password.
We developed the login class using zenPage. We used <loginForm> tag in the login page which is used for the automatic validation. Is there any possible way to achieve this?
I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.
How do you determine what namespace to use for your custom SAML attributes? We want to receive patient context (first name, last name, dob, gender, etc.)
OASIS has resource-id but none of the other attributes. urn:oasis:names:tc:xacml:1.0:resource:resource-id
I am using MDX2JSON do display data, it uses CSP REST to retrieve data and uses Password Authentication. I enabled LDAP authentication for this applicaiton, but it does not work.
I am creating a WS as a server, but when I ask for the WSDL it is giving me an error because it cannot find the class.
I have added the following instructions:
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInfo")=1
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInvoke")=1
I have created an entry in the WS security configuration
We need to implement Oauth2 Code Flow + PKCE. Any experience with InterSystems OAuth2 Server on this would be welcome. What parameters did you setup on OAuth 2 server configuration page to make it work?
I have recently studied deepsee and developed few dashboards needed for our web app users. I am trying to embed them in our existing web app which uses angular with delegated user access. I need to embed the native IRIS dashboard into it. ( I can't use Highcharts or any other js tools).
How do I setup the dashboards to work with delegated authentication (Without providing access to management portal or other parts) ? Also should I use the default csp/{Namespace}/_DeepSee.UserPortal.DashboardViewer.zen? or any other web application URL ?
Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification: Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?
is there a possibility to implement a "remember password" feature in a ZEN Application?
In the management portal I added a web-application for a ZEN application with password authentification. I created an own login page, and now I want to implement a "remember password" feature (User should not have to login again after the session times out or when the browser window is closed).
I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.
The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.
I have a Problem with the Session Handling in .csp.
I wrote all my Web Services in .csp-Pages and do the work for example in the OnPreHttp Method for to get some data.
After that the Web Service response is in JSON.
I call These Web Services via fetch in my react Single Page application, also Many request parallel. The react App is Rolled out as index.html. Everything Works Fine with the session Handling via Cookie.
I'm trying to consume a REST Service that use Digest authentication, I'm trying to implement the authentication but I'm don't know where is my mistake.
Someone have already used this type of authentication.
Below the code I wrote to try to generate the response hash:
Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task.
My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python.
I'm wondering if anybody has done an implementation of the https://www.shibboleth.net/products/service-provider/ interface in Caché / IRIS to have a application running in Caché / IRIS be acception the shibboleth tokens and data as usage credentials.
By update
.png)
.png)