Authentication | InterSystems Developer Community

Question

Hannah Sullivan · Aug 3, 2023

How to reset password stored in VS Code Workstation Keychain for InterSystems Server Manager

Hi community,

I have an incorrect InterSystems Server Credentials password stored by the Workstation Keychain in VS Code. VS Code is trying to use this incorrect stored credential to access the server and does not prompt or allow me to input a different password. I do not see any settings associated with the Keychain or resetting those credentials. Does anyone know of the process to delete or replace a stored password here?

Thanks!

Hannah

#Authentication #VSCode

2 1

0 881

Question

Humza Arshad · May 16, 2023

How to Authenticate a user that is created in InterSystems Management portal

Hi guys,

I want to develop a web application in which a user can log in through the user credential of intersystems that is created in Management Portal for a specific role. How can I authenticate the user and get any token or login cookie through which user can call other apis

#Authentication #React #REST API #InterSystems IRIS #VSCode

0 2

0 303

Question

Nick Hershberger · Jun 13, 2023

Handling encrypted SAML assertions in response

We've implemented SAML authentication for our application where we are the service provider and various other entities are the identity providers. We've done successful connections with several identity providers including Okta, Duo Mobile, Ping Identity, and Azure. Validating the SAML response with signed assertions has been working great. Now, I am trying implement support for the SAML assertions in the response being encrypted for a new identity provider and struggling to understand procedurally how to go about this.

#Authentication #Encryption #XML #Caché

0 0

0 416

Question

Jerry Wang · Apr 27, 2023

Configure IRIS ODBC connection with Windows authentication using a specified domain account rather than default IRIS server account

Hi experts

I'm trying to configure an IRIS ODBC connection with "Windows NT authentication using the network login ID". I have created the System DSN as below:

and user (PROD\test) in the SQL Gateway connection

However, as the error message suggests, IRIS is trying to connect with PROD\svc_mist, rather than PROD\test configured above.

#Authentication #Databases #ODBC #InterSystems IRIS #InterSystems IRIS for Health

0 2

0 201

Question

Yuri Marx · Mar 17, 2023

Custom %CSP.Login for app /csp/sys

Hi guys, I defined a subclass to %CSP.Login and assigned csp/sys login page to this subclass:

But did not work, I get this error:

And more, the default %CSP.Login continues to be called to login when the user not logged yet
So, how can I do to replace the default %CSP.Login by my subclass?

#Authentication #Security #InterSystems IRIS

0 8

0 456

Question

Jeffrey Drumm · Feb 10, 2023

IRIS OS Authentication on Ubuntu 20.04/22.04

I've been trying for a while now to get OS authentication working on IRIS running on Ubuntu 20.04 and subsequently 22.04. I have the following authentication methods enabled for %Service_Terminal:

Operating System
Password
Operating System Delegated Authorization

And i have these options selected in Authentication/Web Session Options:

#Authentication #Security #Terminal #Ubuntu #InterSystems IRIS

0 2

0 231

Question

Jaime Lerga · Feb 8, 2023

Implementing basic auth on a rest API

Recently i've been using Restforms2 to create a CRUD API for a project. But it lacks some advanced functionality that we need, so we have created a production with a REST WS which handles those advanced methods. That works great but there's a drawback, it does not have authentication.

I would want to use the same authentication method as Restforms2 which is a basic auth using IRIS users and passwords.

#Authentication #JSON #REST API #Security #InterSystems IRIS

0 4

0 857

Question

Tani Frankel · Feb 8, 2023

Configuration (CPF) Merge with Authentication Configuration Sample?

Does anyone happen to have a sample Configuration (CPF) Merge file that includes Action parameters setting up authentication methods (e.g.

#Authentication #Deployment #DevOps #Kubernetes #InterSystems IRIS #InterSystems IRIS for Health

1 2

0 241

Question

Adrian Douglas · May 14, 2021

Multi-factor Authentication in TrakCare

Has anyone successfully implemented Multi-factor Authentication for TrakCare?

#Authentication #Access control #InterSystems IRIS for Health #TrakCare

0 4

0 395

Question

Rob Schoenmakers · Nov 30, 2022

Delegated Users

In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.

When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?

#Access control #Authentication #Security #System Administration #InterSystems IRIS #InterSystems IRIS for Health

1 1

0 361

Question

André-Claude Gendron · Oct 28, 2022

SOAP - Custom authentication when user/password is in Body

I have to create a SOAP WebService that receives the username/password as part of a field in the Request. I have no control of the client's application.

#Authentication #CSP #SOAP #InterSystems IRIS

0 3

0 849

Question

Mark OReilly · Oct 25, 2022

Attempt to access a protected Resource- CSP custom page error- have granted role

Getting proctect error on csp custom login page.

It says to add role to CSPSYSTEM i have given role to db (rw i would like to change to R once working). It has not solved issue

#Authentication #CSP #InterSystems IRIS for Health

0 2

0 247

Question

Thembelani Mlalazi · Sep 28, 2022

How to secure a REST API

I am trying to secure a rest service but I lack the understanding of how to achieve this if anyone will explain in details how I could achieve the following:

Securing The REST Service with Basic Auth (username and password)

if any one has a sample code on this will appreciate

#Access control #Authentication #REST API #Caché

0 2

0 541

Question

Thomas Wuppermann · Sep 23, 2022

Problem with configuration of Kerberos Auth with Docker (or Linux)

While the documentation of configuring authentication with Kerberos for IRIS on Linux servers is sparse, for docker i found no docs at all. Assuming I would be able to adapt the requirements from linux to docker (on linux host) I had no success at all. Has anyone successfully done this?

#Authentication #Docker #InterSystems IRIS

0 0

0 304

Question

David Underhill · Aug 23, 2022

Interoperability Production Credentials Password storage

Credentials for a Productions are stored as plain text in ^Ens.SecondaryData.Password and exposed as plain text via SQL table Ens_Config.Credentials which is not ideal as only admins should know the credentials.

I can create my own adapter etc... to store and use encrypted passwords but does anyone know if there is a standard way to do this in a Production?

Alternatively, am I missing how to secure this so the production can run and someone can monitor and operate a production without access to the SQL table or global?

#Authentication #Encryption #Interoperability #Security #Caché #Ensemble #InterSystems IRIS

1 2

2 604

Question

Oliver Wilms · Aug 12, 2022

Password requirements

Many password requirements can be enforced using a password validation routine which is available to implement in System Management Portal. But how about this one:

Check that at least 50% of the characters changed from old password to new password.

We need to have access to the old password to check this, currently password validation routine only gets the new password.

#Access control #Authentication #InterSystems IRIS

0 1

0 344

Question

Oliver Wilms · Jul 10, 2022

I am still working on iris-for-money app: https://github.com/oliverwilms/iris-for-money

Account.csp posts a rest call with _SYSTEM username and the password.

xhttp.open("POST", "/restapi/sql/" + query, true,"_SYSTEM","SYS");
xhttp.send();

/restapi web application has Password Authentication Method enabled.

SYS is the correct password for _SYSTEM user.

I do not understand why I see login failure in Audit database.

#Authentication #CSP #REST API #InterSystems IRIS #Open Exchange

0 1

0 341

Question

Oliver Wilms · Jul 9, 2022

ERROR #5540: SQLCODE: -99 Message: User UnknownUser is not privileged for the operation

I am working on iris-for-money app: https://github.com/oliverwilms/iris-for-money

Account.csp posts a rest call with _SYSTEM username and the password.

xhttp.open("POST", "/restapi/sql/" + query, true,"_SYSTEM","SYS");
xhttp.send();

The error is logged in Riches.REST for this line:

Set tSC = tStatement.%Prepare(pQuery)

#Authentication #REST API #InterSystems IRIS

0 3

0 979

Question

Marc Mundt · Apr 20, 2022

Using OAuth with VS Code?

Since the ObjectScript plug-ins for VS Code use web services to connect to IRIS, is it possible for a VS Code user to authenticate against IRIS using OAuth?

#Authentication #OAuth2 #VSCode

0 1

0 974

Question

Jukka Pitkänen · Mar 21, 2022

HMAC authentication problem

Hi! I'm banging my head to the wall with HMAC authentication. I have tried to implement this various ways but nothing seems to work.

If someone could help on this it would be great!

Here is a code that I have tried and working Javascript example, tested on Postman.

#Authentication #Encryption #InterSystems IRIS

0 4

0 803

Question

Kiran Kumar · Jan 3, 2020

Integration with O365 Sharepoint REST API

Hi,

Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?

Thanks
Kiran Kumar

#Authentication #Access control #REST API #Security #Ensemble

0 1

0 514

Question

Annalisa Wilde · Jul 26, 2018

Implementing a <Signature> in SOAP Body for outbound samlp messages

I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is default SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response.

#Authentication #SOAP #Caché

0 1

0 529

Question

Chip Gore · Aug 18, 2016

OpenAM interface question...

I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.

The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).

#Mapping #Security #Authentication #Access control #Caché

0 1

0 405

Question

Evgeny Shvarov · Nov 10, 2021

How to Implement Bearer Authentication with InterSystems IRIS REST API?

Hi folks!

Could you please share your experience on how do you create REST API with InterSystems IRIS that uses bearer authentication?

How do you generate tokens? How do you maintain it (how much time tokens exist?).

Thanks in advance!

#Authentication #REST API #InterSystems IRIS

0 4

1 724

Question

Sivasubramani N... · Sep 1, 2021

AWS SSO Login

Hello,

We are using AWS SSO authentication in our application to validate the users. For validating the users, we are passing the username and password from AWS SSO to our application. We need to validate the user in our application without using the password.

We developed the login class using zenPage. We used <loginForm> tag in the login page which is used for the automatic validation.
Is there any possible way to achieve this?

Thanks in advance.

#Authentication #AWS #ZEN #Caché

0 1

0 300

Question

Joseph Conaty · Sep 14, 2021

P2P OAUTH Recommended Flow

Hello,

I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.

#API #Authentication #InterSystems IRIS #InterSystems IRIS for Health

0 2

0 271

Question

Paul Riker · Aug 9, 2021

Custom SAML Attributes

How do you determine what namespace to use for your custom SAML attributes? We want to receive patient context (first name, last name, dob, gender, etc.)

OASIS has resource-id but none of the other attributes. urn:oasis:names:tc:xacml:1.0:resource:resource-id

#Access control #Authentication #Security #SOAP #XML #HealthShare

0 2

0 252

Question

Evgenii Ermolaev · Apr 27, 2021

Is it possible to authenticate via LDAP in a CSP REST application?

I am using MDX2JSON do display data, it uses CSP REST to retrieve data and uses Password Authentication. I enabled LDAP authentication for this applicaiton, but it does not work.

#Authentication #CSP #LDAP #REST API #Caché

0 7

0 372

Question

Oscar Muñoz · Apr 15, 2021

Access permissions to WS service

Hello everybody,

I am creating a WS as a server, but when I ask for the WSDL it is giving me an error because it cannot find the class.

I have added the following instructions:

set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInfo")=1 
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInvoke")=1

I have created an entry in the WS security configuration

#Authentication #Ensemble

0 6

0 385

Question

Blaise ZARKA · Dec 11, 2019

OAuth2 Code Flow + PKCE

Hi,

We need to implement Oauth2 Code Flow + PKCE. Any experience with InterSystems OAuth2 Server on this would be welcome.
What parameters did you setup on OAuth 2 server configuration page to make it work?

Thanks!

#Authentication #Access control #InterSystems IRIS

0 4

0 510