Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

9 12
3 5.2K

I have a question about using OnInit() within a Ens.BusinessOperation.

When you include OnInit(), does OnInit() only execute when you start a Business Operation? Or does it execute OnInit () every time you send a REST request to the operation. I am trying to pinpoint when the best time is to execute the POST command to get the Token

I am needing to get a Bearer Token from a REST POST call and return the Authorization key prior to making the rest of the REST calls to pull down data.

0 12
0 96

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?



0 10
0 618

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 8
0 1.1K
· Apr 11, 2017
Authentication with REST

We are building a bunch of rest based services using Ens 2016.2 to serve our browser based application (Angular 4).

Two questions:

1. The initial authentication seems only work if credentials are placed in the url parameters. Trying to use the Authorization header instead, the client code immediately complains about Access-Control-Allow-Origin. How can I resolve this?

2. After initial authentication, what is the proper way to send subsequent rest calls without having to include credential every time?

2 7
0 2.7K

I am attempting to configure an inbound service that utilizes the EnsLib.SOAP.GenericService class. This service receives HL7-v3 content wrapped in SOAP requests. Despite reading the documentation on configuring SOAP services, I am still confused.

In my current configuration item "Fr_Centrak_RTLS", I have ‘Enable Standard Requests’ checked, ‘Pool Size’ set to 0, and the port is unspecified.

0 7
0 144

It is a recommended security practice to login into sensitive Administrator Portals without any input passwords. Thus, it is necessary to identify and authenticate the users correctly. A common technique employed by web portals and mobile applications is to use Google social login. Today, Google Gmail has 2 billion users (source: Therefore, it is a perfect shared login service to utilize to login InterSystems IRIS users when they need to manage their instances. This article will detail all the steps to embed Google Login into your InterSystems Management Portal.

Register your InterSystems instance in the Google Console

1. Go to and log in with your Google user account.
2. On the header click Select a project:

9 7
4 776

Hello everyone,

I'm trying to authenticate a user(Health Share clinician) from a Java Application.

I 'm already connected to Caché and able to run SQL commands.

My question is: How can I authenticate a user using only SQL? In fact, what I want is verify if the users exists in the base and if the given password is the same used in Health Share.

There is a column 'password' in Security.users table but I'm not able to see its content, even so, I don't know which hash function to use to compare with.

1 7
0 1.6K

Hello everybody,

I am creating a WS as a server, but when I ask for the WSDL it is giving me an error because it cannot find the class.

I have added the following instructions:

set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInfo")=1 
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInvoke")=1

I have created an entry in the WS security configuration

0 6
0 317

Does anyone have any experience with getting, unfortunately, an older version of Cache to authenticate via SMTP to send email? I have verified that the settings are set up properly on the mailbox as I have successfully sent an email from a LAMP server, which comes from the same IP address.

If you have any thoughts, I would greatly appreciate it.

This is the error I receive

ERROR #6034: SMTP server connection failed during MAIL FROM command: <READ>zSend+105^%Net.SMTP.1.

0 6
0 2.5K


I have a qeustion if it possible to let Ensemble manage user rights from AD-user group?

What i want is to let external user have access to certain CPS-pages to read information. But not let them have access to Ensemble it self. And instead to set up individual accounts in Ensemble for each one of them i rather want to have dem in an AD-securitygroup.

Is that possible and also limit them only to choosen CSP-pages?

0 6
0 374

If a user simply closes a tab (running a web application), is there any good way to ensure that the license is released AND the login cookie is destroyed?

I found that if the tab is simply closed without first logging out of the application, then 1) the license hangs around forever, and 2) if the user then opens a tab, he is already logged in.

1 5
0 1.7K

Hello, has anyone tried to use Caché as a reverse proxy ?

We are trying to embed a dashboard server (Plotly Dash in this case, but it could be anything which runs on its application server) inside our application which is written in Caché.
The dashboard/report server runs locally (for example, or inside a LAN) on port 8080, and has no authentication features, so we have to implement them on a different layer, and we'd like to use Caché for it.

1 5
0 476

Hello everyone :-)

I would like to update Atelier from version 1.0.262 to the 1.3 one. So I clicked on Help --> Check for updates, and I get these first error messages:

"No updates were found in available software sites."

"Some sites could not be found. See the error log for more detail." etc. cf picture below talking about Proxy Authentication.

1 5
0 438

I am looking for a solution with Ensemble to talk to a old NTLM based SOAP Service. Does anyone has done this before?

We have the webservice calls working via SOAPUI but we are looking how we can make it work with Ensemble.

Is there a ready to use Outbound Adapter for NTLM ?


0 5
0 672

Hello Everyone,

We currently have CSP application that runs under 2 servers(usually primary), and every month the server reboots for patching SERVER1(primary) in the morning and SERVER2(backup) at night.

Whenever the SERVER1 reboots SERVER2 behaves as primary and when SERVER1 comes back up it will act as backup server.

First Patching:

So, when SERVER1 is down, I need to start httpd service for SERVER2 and stop httpd service for SERVER1 (which is now backup server).

0 5
0 224

In this article I will explain how to Authenticate, Authorize and Audit by code by using CSP Web Application along with Enabling /Disabling and Authenticate/Unauthenticate any Web Application.

Application Layout

8 5
1 1.2K

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

0 5
0 264

I am setting up a new Caché instance and I have managed to configure it where Caché username/password is required to initiate the Caché session:

csdfalsdkfjf@fra23e234sco:/opt/labmed/test/test81/proc$ csession cache1

Node: frxxco, Instance: CACHE1


I cannot find the setting in the management console that allows for unauthenticated login to a Caché session. Any help is much appreciated.

0 4
0 1.5K