Authentication in Computing is the process or action of verifying the identity of a user or process.
Hi everyone! My company has a Zen ERP application with CSP delegated authentication. Now, we're developing a separated BI application, using Angular, which consumes DeepSee REST API services. Both applications access the same Caché database.
How to implement single sign-on strategy in order to allow an already authenticated ERP user to access DeepSee REST services? Has anyone already implemented something like that?
Thanks in advanced.
Hello all,
In my ZEN login page, I found a way to bypass the submit button and force a user to click on the Sign In button, thus forcing the code to call my OnSubmit(), like this:
<!--ondefault="return true;"--><!-- this removes the ability to use "return" to login - forces button click to login -->
<text name="CacheUserName" />
<password name="CachePassword" />
<!-- the submit button is special, and submits automatically without checking first -->
<!
Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants). Is that coming in 2017.2?
In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?
Thanks.
We are building a bunch of rest based services using Ens 2016.2 to serve our browser based application (Angular 4).
Two questions:
1. The initial authentication seems only work if credentials are placed in the url parameters. Trying to use the Authorization header instead, the client code immediately complains about Access-Control-Allow-
2. After initial authentication, what is the proper way to send subsequent rest calls without having to include credential every time?
I have Parameter UseSession As Integer = 1 in my service class, but what else do I need to do?
Hi,
Does calling the BIND method of %SYS.LDAP, with the username, domain and password of the user that needs to be authenticated- the right way to authenticate him/her ?
Also - am I correct in assuming that something like this is independant to (and I don't need to specify setting for), System Security -> LDAP Options
Thanks
Steve
I use Cache Instance. I'm trying to implement OAuth 2.0 in Cache instance.
Is it possible to use Cache instance as Client and Server?
And What is the Difference between CLIENT and AUTHSERVER instance?
Why is it used? I want to know which instance use which type of application?
Hopefully this is a simple questions to respond to. Can you do Delegated Authentication for SOAP web service calls. I ask as I am not seeing this work as expected. I have this authentication turned on and enabled in for he CSP Web Application yet I keep getting a "Security Token could not be Authenticated. And a global I was setting to capture some of the available data is not being loaded.
I am looking for a solution with Ensemble to talk to a old NTLM based SOAP Service. Does anyone has done this before?
We have the webservice calls working via SOAPUI but we are looking how we can make it work with Ensemble.
Is there a ready to use Outbound Adapter for NTLM ?
Thx.
Hi -
I know that when specifying Caché password rules (i.e. what constitutes a valid password definition) that the "Pattern Matching" logic is what is getting leveraged under the covers to enforce the "A Password Must conform to X" rule. I was hoping that people could share some more sophisticated pattern matching rules. (in particular, I was wondering what a rule that would require non-repeating mixture of letter, numbers, & punctuation of an overall minimal size)
If a user simply closes a tab (running a web application), is there any good way to ensure that the license is released AND the login cookie is destroyed?
I found that if the tab is simply closed without first logging out of the application, then 1) the license hangs around forever, and 2) if the user then opens a tab, he is already logged in.
For #2, I understand that there might be some grace period to allow the user to log in automatically again using the same session Id (where is that documentation again?) but what about destroying the license? Who/what is supposed to clean that up?
Is this available anywhere (for Health Connect)? I've found a few presentations but they are aimed at entry level.
We're looking at supporting more and more FHIR, REST plus OAuth interfaces in future. I've built some of this into older versions of HealthShare and Ensemble but it's desirable to move to supported versions.
We would be using Healthshare as a facade to other systems.
Hello everyone,
I'm trying to authenticate a user(Health Share clinician) from a Java Application.
I 'm already connected to Caché and able to run SQL commands.
My question is: How can I authenticate a user using only SQL? In fact, what I want is verify if the users exists in the base and if the given password is the same used in Health Share.
There is a column 'password' in Security.users table but I'm not able to see its content, even so, I don't know which hash function to use to compare with.
I'm VERY novice on all things "OpenAM", and beyond knowing that Caché supports working with OpenAM, I have nothing else to go on.
The documentation doesn't seem to be very deep on the nature of how this works beyond a single paragraph saying it's supported for Single Sign On (SSO).
For Caché to use this, I get that there is an environment variable (REMOTE_USER) which is set to "something", but it's not clear to me how this ends up mapping to a provisioned caché user (or LDAP provisioned user for that matter) and ultimately to the %Roles in effect and subsequent system access.
Hi,
We are trying to implement a client side data provider as a component (ZEN) that will use JQuery to do rest calls to a desired URL, in this case, a %CSP.Rest service implemented by ourselves.
This component will be used within our application that is authenticated with a correct user configured on Caché management portal and therefore using one license unit. As we are using a Ajax call from client side this connection creates a new session that will use a new license.
Hello community,
I have productions running in several different namespaces. They all use a common credentials ID for sending email, which is set up in only one of the namespaces. The documentation says that credentials are entered by namespace. When I ran a production in a second namespace, the error log said that credentials were not found (expected), but later attempts to send a file thorugh the production did successfully send an email. I'm wondering if Ensemble is able to look in other namespaces for the same credentials ID?
Does anyone have any experience with getting, unfortunately, an older version of Cache to authenticate via SMTP to send email? I have verified that the settings are set up properly on the mailbox as I have successfully sent an email from a LAMP server, which comes from the same IP address.
If you have any thoughts, I would greatly appreciate it.
This is the error I receive
ERROR #6034: SMTP server connection failed during MAIL FROM command: <READ>zSend+105^%Net.SMTP.1.
when I run the following.
s server=##class(%Net.SMTP).%New()
s server.smtpserver="smtp.office365.com"
s server.
Hi!
I am trying to create a %Installer script and I noticed from our documentation that %Installer's <CSPAuthentication> will only accept:
<CSPApplication> Optional; within <Namespace>. Defines one or more CSP applications; the supported authentication flags are 4 (Kerberos), 32 (Password), and 64 (Unauthenticated).
Is "Delegated" authentication supported? What is it's code?
Kind regards,
Amir Samary
I need to perform additional checks before Cache user logins (let's say in a terminal for simplicity) and allow access only to those, who passed them. How do I do it?
In preparation for a presentation I need a real-world LDAP schema that has been customized a bit beyond the basics. Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation.
If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com
Thanks in advance.
Rich Taylor
I'm interested in different approaches on how to store user data in Caché. I'm assuming that application uses Caché security/Caché users and not a self-made authentication system.
Several approaches, I'm familiar with: