New post

#Authentication

4

Authentication in Computing is the process or action of verifying the identity of a user or process.

Authentication in InterSystems Data Platform Documentation.

Article
· Oct 21, 2015 1m read
Using Two-Factor Authentication

Introduction

If the administrators responsible for securing applications had their way, passwords would be long complex strings of random symbols, and users would memorize different passwords for every application they use. But in the real world, few people are capable of such prodigious feats of memory. The typical user can only remember a handful of relatively short passwords.

1 0
0 371
Question
· Nov 30, 2022
Delegated Users

In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.

When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?

1 1
0 364
Question
· Jul 23, 2024
JWT and CORS

Hi

I'm trying to use JWT authentication on a REST application in IRIS. The login API are correctly "injected" into the application. Login works fine with Postman and other REST clients, and subsequent calls to my REST API using the bearer token work fine (correctly authenticated). So far, so good.

0 9
0 363

Hi Developers!

Here're the technology bonuses for the Security Contest 2021 that will give you extra points in the voting:

  • Basic Authentication usage - 2
  • Bearer/JWT Authentication usage - 3
  • OAuth 2.0 usage - 5
  • Authorization components usage - 2
  • Auditing usage - 2
  • Data Encryption usage - 2
  • Docker container usage - 2
  • ZPM Package deployment - 2
  • Online Demo - 2
  • Code Quality pass - 1
  • Article on Developer Community - 2
  • Video on YouTube - 3

See the details below.<--break->

0 1
0 349
Question
· Aug 12, 2022
Password requirements

Many password requirements can be enforced using a password validation routine which is available to implement in System Management Portal. But how about this one:

Check that at least 50% of the characters changed from old password to new password.

We need to have access to the old password to check this, currently password validation routine only gets the new password.

0 1
0 346

In preparation for a presentation I need a real-world LDAP schema that has been customized a bit beyond the basics. Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation.

If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com

Thanks in advance.

Rich Taylor

0 1
0 344
Question
· Jul 10, 2022
login failure

I am still working on iris-for-money app: https://github.com/oliverwilms/iris-for-money

Account.csp posts a rest call with _SYSTEM username and the password.

xhttp.open("POST", "/restapi/sql/" + query, true,"_SYSTEM","SYS");
xhttp.send();

/restapi web application has Password Authentication Method enabled.

SYS is the correct password for _SYSTEM user.

I do not understand why I see login failure in Audit database.

0 1
0 341

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

0 5
0 332
Question
· Sep 19, 2019
Credentials - Domain Account

Hi,

I've a Service utilising the Adapter EnsLib.SQL.InboundAdapter, which uses a Credentials item set with the details of a local SQL account. This currently works, however, we're looking to use the credentials of an AD domain account.

The domain account is a member of an AD security group, which has the required permissions on the source SQL database. I've checked that access is possible with this account via SQL studio.

1 2
0 319

Presenter: Saurav Gupta
Task: Provide customized authentication support for biometrics, smart cards, etc.
Approach: Provide code samples and concept examples to illustrate various custom authentication mechanisms

Description: In this session we will discuss customized way to solve various authentication mechanism and show case some sample code.

Problem: Using custom Authentication mechanism to support devices like biometrics, smart cards, or create an authentication front end for existing applications.

Solution: Code samples and concept examples.

Content related to this session, including slides, video and additional learning content can be found here.

0 0
0 306
Question
· Sep 1, 2021
AWS SSO Login

Hello,

We are using AWS SSO authentication in our application to validate the users. For validating the users, we are passing the username and password from AWS SSO to our application. We need to validate the user in our application without using the password.

We developed the login class using zenPage. We used <loginForm> tag in the login page which is used for the automatic validation.
Is there any possible way to achieve this?

Thanks in advance.

0 1
0 302

Hello Everyone,

We currently have CSP application that runs under 2 servers(usually primary), and every month the server reboots for patching SERVER1(primary) in the morning and SERVER2(backup) at night.

Whenever the SERVER1 reboots SERVER2 behaves as primary and when SERVER1 comes back up it will act as backup server.

First Patching:

So, when SERVER1 is down, I need to start httpd service for SERVER2 and stop httpd service for SERVER1 (which is now backup server).

0 5
0 299

I have started working on utilizing Epic on FHIR about a month ago.

Creating a Public Private Key Pair

mkdir /home/ec2-user/path_to_key
openssl genrsa -out ./path_to_key/privatekey.pem 2048

For backend apps, you can export the public key to a base64 encoded X.509 certificate named publickey509.pem using this command...

Open Exchange app
5 2
2 297
Question
· Sep 14, 2021
P2P OAUTH Recommended Flow

Hello,

I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization. It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login. I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible. What would you recommend? Thank you in advance for your input.

0 2
0 272

Hi Community,

is there a possibility to implement a "remember password" feature in a ZEN Application?

In the management portal I added a web-application for a ZEN application with password authentification. I created an own login page, and now I want to implement a "remember password" feature (User should not have to login again after the session times out or when the browser window is closed).

0 2
0 271

I have a question about using OnInit() within a Ens.BusinessOperation.

When you include OnInit(), does OnInit() only execute when you start a Business Operation? Or does it execute OnInit () every time you send a REST request to the operation. I am trying to pinpoint when the best time is to execute the POST command to get the Token

I am needing to get a Bearer Token from a REST POST call and return the Authorization key prior to making the rest of the REST calls to pull down data.

0 13
0 255

What is TLS?

TLS, the successor to SSL, stands for Transport Layer Security and provides security (i.e. encryption and authentication) over a TCP/IP connection. If you have ever noticed the "s" on "https" URLs, you have recognized an HTTP connection "secured" by SSL/TLS. In the past, only login/authorization pages on the web would use TLS, but in today's hostile internet environment, best practice indicates that we should secure all connections with TLS.

13 0
4 239