#Authentication

Hi,

Does calling the BIND method of %SYS.LDAP, with the username, domain and password of the user that needs to be authenticated- the right way to authenticate him/her ?

Also - am I correct in assuming that something like this is independant to (and I don't need to specify setting for), System Security -> LDAP Options

Thanks

Steve

I am working on iris-for-money app: https://github.com/oliverwilms/iris-for-money

Account.csp posts a rest call with _SYSTEM username and the password.

xhttp.open("POST", "/restapi/sql/" + query, true,"_SYSTEM","SYS");
xhttp.send();

The error is logged in Riches.REST for this line:

Set tSC = tStatement.%Prepare(pQuery)

Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants). Is that coming in 2017.2?

In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?

Thanks.

Hi everyone! My company has a Zen ERP application with CSP delegated authentication. Now, we're developing a separated BI application, using Angular, which consumes DeepSee REST API services. Both applications access the same Caché database.

How to implement single sign-on strategy in order to allow an already authenticated ERP user to access DeepSee REST services? Has anyone already implemented something like that?

Thanks in advanced.

Hi guys,

I have accidentally clicked the remember password option in my Ensemble studio. So it is now not asking for username and password and even the authentication popup is not showing every time i open the studio.

Is there anyway to remove the remember password option for the cache studio.

Thanks,

Hi community

i'm working on the validation user method , i found this following code in the \HSIE\%SYS\Classes\%OAuth2\Server\Validate.cls

Hi,

I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.

The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.

Hello,

I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.

I need to offer new users on our system a temporary password that is valid for only 48 hours. This is different than a 60-day password expiration window for existing users' passwords (where a password needs to be changed every 60 days), and is different than a "user expiration date", where you can set a date where the user's account expires and is disabled on that date, and different than the inactivity expiration date where a user becomes active if his account is not used within, say, 30 days.

Hello community,

I have productions running in several different namespaces. They all use a common credentials ID for sending email, which is set up in only one of the namespaces. The documentation says that credentials are entered by namespace. When I ran a production in a second namespace, the error log said that credentials were not found (expected), but later attempts to send a file thorugh the production did successfully send an email. I'm wondering if Ensemble is able to look in other namespaces for the same credentials ID?

Hi,

We are trying to implement a client side data provider as a component (ZEN) that will use JQuery to do rest calls to a desired URL, in this case, a %CSP.Rest service implemented by ourselves.

This component will be used within our application that is authenticated with a correct user configured on Caché management portal and therefore using one license unit. As we are using a Ajax call from client side this connection creates a new session that will use a new license.

Hello,

I'm new to Iris for Health and I'm trying to get some experience using it. I've subscribed to the Intersystems Iris for Health software in AWS marketplace. I successfully spun up the EC2 instance with the default security group. The try-iris instance is healthy and successfully starts within EC2. I've also successfully changed the default password too.

However, I'm unable to authenticate into the management portal. The portal launches okay though I keep getting an access denied. I'm also unable to authenticate into a session from the EC2 instance.

Credentials for a Productions are stored as plain text in ^Ens.SecondaryData.Password and exposed as plain text via SQL table Ens_Config.Credentials which is not ideal as only admins should know the credentials.

I can create my own adapter etc... to store and use encrypted passwords but does anyone know if there is a standard way to do this in a Production?

Alternatively, am I missing how to secure this so the production can run and someone can monitor and operate a production without access to the SQL table or global?

I need use/create an app based authentication class, best options on other languages is bcrypt, but on cache(2017.2) is not and option, any suggestion to construct this option ?