If the administrators responsible for securing applications had their way, passwords would be long complex strings of random symbols, and users would memorize different passwords for every application they use. But in the real world, few people are capable of such prodigious feats of memory. The typical user can only remember a handful of relatively short passwords.
I need use/create an app based authentication class, best options on other languages is bcrypt, but on cache(2017.2) is not and option, any suggestion to construct this option ?
I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.
The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.
I am creating a WS as a server, but when I ask for the WSDL it is giving me an error because it cannot find the class.
I have added the following instructions:
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInfo")=1
set ^SYS("Security","CSP","AllowClass","MiProyecto.MiClaseWS","%SOAP.WebServiceInvoke")=1
I have created an entry in the WS security configuration
I am trying to secure a rest service but I lack the understanding of how to achieve this if anyone will explain in details how I could achieve the following:
Securing The REST Service with Basic Auth (username and password)
if any one has a sample code on this will appreciate
Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification: Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?
is there a possibility to implement a "remember password" feature in a ZEN Application?
In the management portal I added a web-application for a ZEN application with password authentification. I created an own login page, and now I want to implement a "remember password" feature (User should not have to login again after the session times out or when the browser window is closed).
Many password requirements can be enforced using a password validation routine which is available to implement in System Management Portal. But how about this one:
Check that at least 50% of the characters changed from old password to new password.
We need to have access to the old password to check this, currently password validation routine only gets the new password.
In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.
When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?
Credentials for a Productions are stored as plain text in ^Ens.SecondaryData.Password and exposed as plain text via SQL table Ens_Config.Credentials which is not ideal as only admins should know the credentials.
I can create my own adapter etc... to store and use encrypted passwords but does anyone know if there is a standard way to do this in a Production?
Alternatively, am I missing how to secure this so the production can run and someone can monitor and operate a production without access to the SQL table or global?
I'm wondering if anybody has done an implementation of the https://www.shibboleth.net/products/service-provider/ interface in Caché / IRIS to have a application running in Caché / IRIS be acception the shibboleth tokens and data as usage credentials.
I have recently studied deepsee and developed few dashboards needed for our web app users. I am trying to embed them in our existing web app which uses angular with delegated user access. I need to embed the native IRIS dashboard into it. ( I can't use Highcharts or any other js tools).
How do I setup the dashboards to work with delegated authentication (Without providing access to management portal or other parts) ? Also should I use the default csp/{Namespace}/_DeepSee.UserPortal.DashboardViewer.zen? or any other web application URL ?
How do you determine what namespace to use for your custom SAML attributes? We want to receive patient context (first name, last name, dob, gender, etc.)
OASIS has resource-id but none of the other attributes. urn:oasis:names:tc:xacml:1.0:resource:resource-id
Recently I had the challenge to create a secure authentication method to authorize access to some data, but unfortunately I had zero experience with those security configurations and I felt that I was missing some basic concepts to have a better understanding of the official documentation.
After studying and managing to deliver the classes that I was asked to develop, I'd like to share a little bit of my new knowledge, which helped me follow the topics in the documentation.
I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.
While the documentation of configuring authentication with Kerberos for IRIS on Linux servers is sparse, for docker i found no docs at all. Assuming I would be able to adapt the requirements from linux to docker (on linux host) I had no success at all. Has anyone successfully done this?
By views
.png)
.png)
