#Authentication

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

Hi Community,

is there a possibility to implement a "remember password" feature in a ZEN Application?

In the management portal I added a web-application for a ZEN application with password authentification. I created an own login page, and now I want to implement a "remember password" feature (User should not have to login again after the session times out or when the browser window is closed).

Hey Intersystems Community,

I have a Problem with the Session Handling in .csp.

I wrote all my Web Services in .csp-Pages and do the work for example in the OnPreHttp Method for to get some data.

After that the Web Service response is in JSON.

I call These Web Services via fetch in my react Single Page application, also Many request parallel. The react App is Rolled out as index.html.
Everything Works Fine with the session Handling via Cookie.

Hi guys,

I'm trying to consume a REST Service that use Digest authentication, I'm trying to implement the authentication but I'm don't know where is my mistake.

Someone have already used this type of authentication.

Below the code I wrote to try to generate the response hash:

I'm wondering if anybody has done an implementation of the https://www.shibboleth.net/products/service-provider/ interface in Caché / IRIS to have a application running in Caché / IRIS be acception the shibboleth tokens and data as  usage credentials.

Hi,

I'm using Operating System authentication and I need to give permission on Healthshare to allow a user to run only this two commands 

##Class(Backup.General).ExternalFreeze()

and

##Class(Backup.General).ExternalThaw()

This user is gonna be use to backup only.

There are any role on HealthShare for this?

This is more a WARNING than a question

Hi,

Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?

Thanks
Kiran Kumar

I generated a REST API from a Swagger document with basic security.

When I send a request to that API, I now get an authentication error 401 always.

I entered a user api and a password and gave it the role %All.

I tried to call the API with the URL

http://solidara.net:52773/csp/solidara/get_components/solidara?username…;

What's am I doing wrong there?

Hi,

We need to implement Oauth2 Code Flow + PKCE. Any experience with InterSystems OAuth2 Server on this would be welcome.
What parameters did you setup on OAuth 2 server configuration page  to make it work?

Thanks!

Hi,

I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.

The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.

I've tested setting the Credential username as domain\username and username@FQDN, but neither create a successful connection.

Hello everyone :-)

I would like to update Atelier from version 1.0.262 to the 1.3 one. So I clicked on Help --> Check for updates, and I get these first error messages:

"No updates were found in available software sites."

"Some sites could not be found. See the error log for more detail." etc. cf picture below talking about Proxy Authentication.

Hello, has anyone tried to use Caché as a reverse proxy ?

We are trying to embed a dashboard server (Plotly Dash in this case, but it could be anything which runs on its application server) inside our application which is written in Caché.  
The dashboard/report server runs locally (for example, or inside a LAN) on port 8080, and has no authentication features, so we have to implement them on a different layer, and we'd like to use Caché for it.

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:  

https://52773b-62955584.labs.learning.intersystems.com/oauth2/authorize?response_type=code&client_id=nHCv5A-u_5T1YAwk_tJ7xpi1ky-s2AnRQMaL6YHsUgU&redirect_uri=https%3A//52773b-99792125.labs.learning.intersystems.com/csp/sys/oauth2/OAuth2.Response.

I need use/create an app based authentication class, best options on other languages is bcrypt, but on cache(2017.2) is not and option, any suggestion to construct this option ?

Hi All,

I want to implement SOAP authentication and Security. Please let me know what are all the  best ways to Implement it.

Advance thanks,

I'm trying to sign an xml but this is showing an Id attribute in the Signature tag and the xmlns attribute is not appearing.

This is the xml generated:

<Signature Id="Id-80170FF0-0678-47D5-8C8B-771AA4E334E6">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                <SignatureMethod Algorithm="http://www.w3.

Hello,

I'm new to Iris for Health and I'm trying to get some experience using it.  I've subscribed to the Intersystems Iris for Health software in AWS marketplace.  I successfully spun up the EC2 instance with the default security group.  The try-iris instance is healthy and successfully starts within EC2.  I've also successfully changed the default password too.

 However, I'm unable to authenticate into the management portal.  The portal launches okay though I keep getting an access denied.  I'm also unable to authenticate into a session from the EC2 instance.

Hi!

I have a qeustion if it possible to let Ensemble manage user rights from AD-user group?

What i want is to let external user have access to certain CPS-pages to read information. But not let them have access to Ensemble it self. And instead to set up individual accounts in Ensemble for each one of them i rather want to have dem in an AD-securitygroup.

Is that possible and also limit them only to choosen CSP-pages?

I'm not a administrator of our platform, i'm just develope productions so i would be greatful for information i could bring to our tech-guys and ask them to set it tup, if possible.

Hi All,

Actually, I'm developing few restful API's. I want to create a authentication tokens and display it on my login restful API. If I'm using CSP sessionId, how can I validate the session Id's in another or continues restful API's. else, is there any other approach to handle this task. 

My Primary goal is, I have to integrate 2 different front end applications. One is Zen framework another one is web pages from Python. 

If any lead, it would be appreciated. 

Thanks,

Arun Kumar Durairaj. 

I am doing an implementation of a SAML 2.0 SingleSignOn protocol integration which requires a signed message with the signature element in the body of the SOAP message, not the header as is default SOAP security handling. Any suggestions for how to do this would be greatly appreciated. When it is passed in the header, it is not processed by our partner and we just get a "Signature Required" response. Presumably I will have to go through the steps outlined in Signing XML Documents but I am not sure the best place within the outbound web-client flow in which to do this.

Hi,

I have a problem with CSP Application Authentication, when the user input you correct password, however the message "Invalid password" returns.

This error returns just Cache password user type, for user delegated don't.

this error is momentary also, if you wait a moment, it stops.

Without installing Kerberos has anyone Authenticated a SQL JDBC connection? Currently we are using local SQL Accounts to sign onto External SQL Databases, but we are being told that we need to switch to Service accounts that live on a Active Directory Domain. 

I wrote with a little help a ZAUTHENICATE to do the Authentication for Ensemble, can I use something like that to connect to an External SQL Database using a Service Account on a Active Directory Domain?

Thanks

Scott

I need to offer new users on our system a temporary password that is valid for only 48 hours.  This is different than a 60-day password expiration window for existing users' passwords (where a password needs to be changed every 60 days), and is different than a "user expiration date", where you can set a date where the user's account expires and is disabled on that date, and different than the inactivity expiration date where a user becomes active if his account is not used within, say, 30 days.

Hi, 

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP. 

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to.  Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?

Thanks

Scott

I am setting up a new Caché instance and I have managed to configure it where Caché username/password is required to initiate the Caché session:

csdfalsdkfjf@fra23e234sco:/opt/labmed/test/test81/proc$ csession cache1

Node: frxxco, Instance: CACHE1

Username: 

I cannot find the setting in the management console that allows for unauthenticated login to a Caché session.  Any help is much appreciated.

Hi community

i'm working on the validation user method , i found this following  code in the  \HSIE\%SYS\Classes\%OAuth2\Server\Validate.cls  

ClassMethod ValidateUser(username As %String, password As %String, scope As %ArrayOfDataTypes, properties As %OAuth2.Server.Properties, Output sc As %Status) As %Boolean
{
    // Check if user is defined.
    // We use local Cache user list as the shipped default.
    If '##class(Security.Users).Exists(username,.user,.

Hi guys,

     I have accidentally clicked the remember password option in my Ensemble studio. So it is now not asking for username and password and even the authentication popup is not showing every time i open the studio.

    Is there anyway to remove the remember password option for the cache studio.

Thanks,

Hi, Community!

Suppose If you develop a client js application which works with Caché server via REST API (CSP Gateway).

What are the options for Authentication and working with Caché session then?