Authentication

Created by Daniel Kutac, Sales Engineer, InterSystems

 

Part 3. Appendix

InterSystems IRIS OAUTH classes explained

In the previous part of our series we have learned about configuring InterSystems IRIS to act as an OAUTH client as well as authorization and authentication server (by means of OpenID Connect). In this final part of our series we are going to describe classes implementing InterSystems IRIS OAuth 2.0 framework. We will also discuss use cases for selected methods of API classes.

The API classes implementing OAuth 2.0 can be separated into three different groups according to their purpose. All classes are implemented in %SYS namespace. Some of them are public (via % package), some not and should not be called by developers directly.

+ 7   1 2
0

comments

1464

views

+ 7

rating

We are building a bunch of rest based services using Ens 2016.2 to serve our browser based application (Angular 4).

Two questions:

1. The initial authentication seems only work if credentials are placed in the url parameters.  Trying to use the Authorization header instead, the client code immediately complains about Access-Control-Allow-Origin. How can I resolve this?

 

2. After initial authentication, what is the proper way to send subsequent rest calls without having to include credential every time?

Last answer 12 April 2017 Last comment 24 April 2017
+ 2   0 6
1427

views

+ 2

rating

Hi,

Does calling the BIND method of %SYS.LDAP, with the username, domain and password of the user that  needs to be authenticated- the right way to authenticate him/her ?

Also - am I correct in assuming that something like this is independant to (and I don't  need to specify setting for),  System Security -> LDAP Options 

Thanks

Steve

 

 

Last answer 3 April 2017
0   0 4
0

comments

462

views

0

rating

Our client is a test out of 2016.1 (Build 656U) Healthshare that wants to do a one way SSL connection to our Java 1.7/Tomcat 8.0 server.  We have yet to come up with a secure cipher set that Healthshare and Java agree on for the handshake.  So far we've had to use these ciphers identified which are not recommended (though it does do a handshake properly).

Last answer 2 March 2017
0   0 0
0

comments

554

views

0

rating

Hopefully this is a simple questions to respond to.  Can you do Delegated Authentication for SOAP web service calls.  I ask as I am not seeing this work as expected.  I have this authentication turned on and enabled in for he CSP Web Application yet I keep getting a "Security Token could not be Authenticated.  And a global I was setting to capture some of the available data is not being loaded.

Last answer 17 February 2017
0   0 0
0

comments

488

views

0

rating

Imagine that your .NET project uses the Caché DBMS and you need a fully-functional and reliable authorization system. Writing such a system from scratch would not make much sense, and you will clearly want to use something that already exists in .NET, e.g. ASP.NET Identity. By default, however, this framework supports only its native DBMS – MS SQL. Our task was to create an adaptor that would let us quickly and easily port Identity to the InterSystems Caché DBMS. This work resulted in creation of the ASP.NET Identity Caché Provider.

Last comment 25 January 2017
+ 4   0 3
933

views

+ 4

rating

Hi -

I know that when specifying Caché password rules (i.e. what constitutes a valid password definition) that the "Pattern Matching" logic is what is getting leveraged under the covers to enforce the "A Password Must conform to X" rule. I was hoping that people could share some more sophisticated pattern matching rules. (in particular, I was wondering what a rule that would require non-repeating mixture of letter, numbers, & punctuation of an overall minimal size)

Last answer 24 November 2016 Last comment 28 November 2016
+ 1   0 3
316

views

+ 1

rating

Is this available anywhere (for Health Connect)? I've found a few presentations but they are aimed at entry level.

We're looking at supporting more and more FHIR, REST plus OAuth interfaces in future. I've built some of this into older versions of HealthShare and Ensemble but it's desirable to move to supported versions. 

We would be using Healthshare as a facade to other systems.

 

 

Last answer 11 October 2016
0   0 3
0

comments

946

views

0

rating

If a user simply closes a tab (running a web application), is there any good way to ensure that the license is released AND the login cookie is destroyed?  

 

I found that if the tab is simply closed without first logging out of the application, then 1) the license hangs around forever, and 2) if the user then opens a tab, he is already logged in.

 

Last answer 6 September 2016 Last comment 7 September 2016
+ 1   0 1
821

views

+ 1

rating

I've noticed that Management portal somehow manages to allow a single user to be in different namespaces in different tabs in the same application (i.e. Management Portal).  I've looked at my Processes, however, and see that all of my processes using MgmtPortal think I'm in %SYS, even though 2 of them are looking at globals in two different namespaces; NamespaceA and NamespaceB.  

 

I can even fool MgmtPortal because the first time I try to look at a global in NamespaceA it thinks I'm in %SYS!  After a refresh, however, I can see the global in NamespaceA.  

 

Last answer 1 September 2016 Last comment 1 September 2016
0   0 1
402

views

0

rating

Hello everyone,

I'm trying to authenticate a user(Health Share clinician) from a Java Application. 

I 'm already connected to Caché and able to run SQL commands.

My question is: How can I authenticate a user using only SQL? In fact, what I want is verify if the users exists in the base and if the given password is the same used in Health Share.

There is a column 'password' in Security.users table but I'm not able to see its content, even so, I don't know which hash function to use to compare with.

Last answer 26 August 2016 Last comment 29 August 2016
+ 1   0 2
896

views

+ 1

rating

Hi,

We are trying to implement a client side data provider as a component (ZEN) that will use JQuery to do rest calls to a desired URL, in this case, a %CSP.Rest service implemented by ourselves.

This component will be used within our application that is authenticated with a correct user configured on Caché management portal and therefore using one license unit. As we are using a Ajax call from client side this connection creates a new session that will use a new license.

Last answer 18 August 2016 Last comment 23 August 2016
0   0 1
316

views

0

rating

Hello community,

I have productions running in several different namespaces.  They all use a common credentials ID for sending email, which is set up in only one of the namespaces.  The documentation says that credentials are entered by namespace.  When I ran a production in a second namespace, the error log said that credentials were not found (expected), but later attempts to send a file thorugh the production did successfully send an email.  I'm wondering if Ensemble is able to look in other namespaces for the same credentials ID?

 

Last answer 10 August 2016 Last comment 11 August 2016
0   0 2
431

views

0

rating

Hi!

I am trying to create a %Installer script and I noticed from our documentation that %Installer's <CSPAuthentication> will only accept:

<CSPApplication>
Optional; within <Namespace>. Defines one or more CSP applications; the supported authentication flags are 4 (Kerberos), 32 (Password), and 64 (Unauthenticated).

 

Is "Delegated" authentication supported? What is it's code?

 

Kind regards,

Amir Samary

Last answer 24 May 2016 Last comment 24 May 2016
0   0 2
254

views

0

rating

Presenter: Saurav Gupta
Task: Provide customized authentication support for biometrics, smart cards, etc.
Approach: Provide code samples and concept examples to illustrate various custom authentication mechanisms
 

Description: In this session we will discuss customized way to solve various authentication mechanism and show case some sample code.

Problem: Using custom Authentication mechanism to support devices like biometrics, smart cards, or create an authentication front end for existing applications.

Solution: Code samples and concept examples.

Content related to this session, including slides, video and additional learning content can be found here.

0   0 1
0

comments

197

views

0

rating

In preparation for a presentation I need a  real-world LDAP schema that has been customized a bit beyond the basics.   Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation. 

 

If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com

Thanks in advance.

Rich Taylor

Last comment 17 February 2016
0   0 1
0

answers

189

views

0

rating