I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.
I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?
How would I compare the AD Group against the Role listing?
I've noticed that Management portal somehow manages to allow a single user to be in different namespaces in different tabs in the same application (i.e. Management Portal). I've looked at my Processes, however, and see that all of my processes using MgmtPortal think I'm in %SYS, even though 2 of them are looking at globals in two different namespaces; NamespaceA and NamespaceB.
I can even fool MgmtPortal because the first time I try to look at a global in NamespaceA it thinks I'm in %SYS! After a refresh, however, I can see the global in NamespaceA.
Hi guys, I defined a subclass to %CSP.Login and assigned csp/sys login page to this subclass:
But did not work, I get this error:
And more, the default %CSP.Login continues to be called to login when the user not logged yet So, how can I do to replace the default %CSP.Login by my subclass?
I am using MDX2JSON do display data, it uses CSP REST to retrieve data and uses Password Authentication. I enabled LDAP authentication for this applicaiton, but it does not work.
I have a qeustion if it possible to let Ensemble manage user rights from AD-user group?
What i want is to let external user have access to certain CPS-pages to read information. But not let them have access to Ensemble it self. And instead to set up individual accounts in Ensemble for each one of them i rather want to have dem in an AD-securitygroup.
Is that possible and also limit them only to choosen CSP-pages?
I am creating a WS as a server, but when I ask for the WSDL it is giving me an error because it cannot find the class.
I have added the following instructions:
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInfo")=1
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInvoke")=1
I have created an entry in the WS security configuration
Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification: Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?
Hello, has anyone tried to use Caché as a reverse proxy ?
We are trying to embed a dashboard server (Plotly Dash in this case, but it could be anything which runs on its application server) inside our application which is written in Caché. The dashboard/report server runs locally (for example, or inside a LAN) on port 8080, and has no authentication features, so we have to implement them on a different layer, and we'd like to use Caché for it.
We currently have CSP application that runs under 2 servers(usually primary), and every month the server reboots for patching SERVER1(primary) in the morning and SERVER2(backup) at night.
Whenever the SERVER1 reboots SERVER2 behaves as primary and when SERVER1 comes back up it will act as backup server.
First Patching:
So, when SERVER1 is down, I need to start httpd service for SERVER2 and stop httpd service for SERVER1 (which is now backup server).
Recently i've been using Restforms2 to create a CRUD API for a project. But it lacks some advanced functionality that we need, so we have created a production with a REST WS which handles those advanced methods. That works great but there's a drawback, it does not have authentication.
I would want to use the same authentication method as Restforms2 which is a basic auth using IRIS users and passwords.
In my ZEN login page, I found a way to bypass the submit button and force a user to click on the Sign In button, thus forcing the code to call my OnSubmit(), like this:
We need to implement Oauth2 Code Flow + PKCE. Any experience with InterSystems OAuth2 Server on this would be welcome. What parameters did you setup on OAuth 2 server configuration page to make it work?
For Login in CSP application, I am displaying custom Login page which is rendered from subclass CSS.CSP.Login that extends %CSP.Login, and also got IBA.CSP.Page that extends %CSP.Page with overridden method OnPreHTTP(). This setup is working perfectly for normal login.
I have to create a SOAP WebService that receives the username/password as part of a field in the Request. I have no control of the client's application.
I am attempting to enable two-factor authentication for a user account through the System Administration > Security > Users > Edit User (Security Settings) section. However, I am encountering an error with the Qrcode class.
I know that when specifying Caché password rules (i.e. what constitutes a valid password definition) that the "Pattern Matching" logic is what is getting leveraged under the covers to enforce the "A Password Must conform to X" rule. I was hoping that people could share some more sophisticated pattern matching rules. (in particular, I was wondering what a rule that would require non-repeating mixture of letter, numbers, & punctuation of an overall minimal size)
OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.
Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:
By replies
.png)
.png)