Authorization


Hi dev community,

I am currently working on a project to send documents to a RESTful based API that supports bearer Token Authorization.

When we try to fire a JSON request from our EnsLib.Rest.Operation towards the 3rd party API with a valid Token we keep receiving Authorization Error codes HTTP 401 back.

If we use the same request and same Token from a test utility such as Postman the request is successful and we are able to move past the authorization stage.

We are inputting the Token in the header of the HTTP request as specified by the 3rd party API specification. We therefore are using the following code from the operation side, tHttpRequest being a %Net.HttpRequest object

Last comment 22 February 2019
0 answers, 102 views, rating 0

Hi!

I have a question: is it possible to let Ensemble manage user rights from an AD user group?

What I want is to let external users have access to certain CSP-pages to read information, but not let them have access to Ensemble itself. And instead of setting up individual accounts in Ensemble for each one of them, I would rather have them in an AD security group.

Is that possible, and also to limit them only to chosen CSP-pages?

I'm not an administrator of our platform, I just develop productions, so I would be grateful for information I could bring to our tech guys and ask them to set it up, if possible.

Regards,

Michael

Last answer 19 February 2019 Last comment 21 February 2019
87 views, rating 0

This article, and the following two articles of the series, is intended as a user guide for developers or system administrators who need to work with the OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Last comment 13 February 2019
3847 views, rating +11

Hi All,

Actually, I'm developing a few RESTful APIs. I want to create authentication tokens and display them on my login RESTful API. If I'm using the CSP sessionId, how can I validate the session IDs in another or continuous RESTful APIs? Else, is there any other approach to handle this task?

My primary goal is that I have to integrate 2 different front end applications. One is the Zen framework, the other one is web pages from Python.

Any lead would be appreciated.

Thanks,

Arun Kumar Durairaj. 

0 answers, 0 comments, 97 views, rating 0

Hi,

We have an Angular solution and a Cache server. We need to have separate users and sessions on the same browser (laptop, tablet etc.) for every user and for one user with many connections.

Thought this was resolved, but unfortunately not.

-----------------------------------------------------------------------------------------------------------------------

I took the code away from here, because it was somehow OK.

The sessions on the server got mixed, but not any more, thanks to our folks and the local engineer's tools :)

We had some silly GROUP BY ID %ISCMgtPortal in the WebApplication settings, and even though we had used a session cookie, IE added some cookie, but not any more after they took that setting away.

Last comment 4 September 2018
0 answers, 159 views, rating 0

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by the URLs used: the original series used screens from a machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat the URL WIN-U9J96QBJSAG as if it were dk-gs2016.

Part 2. Authorization server, OpenID Connect server

In the previous part of this short series, we learned about a simple use case – acting as an OAUTH[1] client. Now, it's time to bring our experience to a whole new level. We are going to build a much more complex environment, where InterSystems IRIS is going to play all OAUTH roles

Last comment 10 August 2018
2064 views, rating +7

Hi guys,

I have accidentally clicked the remember password option in my Ensemble studio. So it is now not asking for username and password, and even the authentication popup is not showing every time I open the studio.

Is there any way to remove the remember password option for the cache studio?

 

Thanks,

Last answer 3 November 2017
0 comments, 150 views, rating 0

Hi, Community!

Check the new video of the week: 

LDAP - Beyond the Simple Schema

 

0 comments, 143 views, rating +1

Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants).  Is that coming in 2017.2?

In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?

 

Thanks.

Last answer 6 June 2017 Last comment 13 June 2017
364 views, rating 0

It's been almost a year since I published a series of articles explaining how to configure a Cache instance as a client / resource server / authorization server. At that time, the implementation of OAuth 2.0 was still pre-release software.

With the advent of Cache version 2017.1 a lot has changed. The OAuth 2.0 implementation is fully completed and supported. Numerous new features were added (e.g. dynamic client registration) - see release notes here for full details - and configuration pages have been redesigned to a great extent as well

Last comment 7 May 2017
238 views, rating +4

Created by Daniel Kutac, Sales Engineer, InterSystems

 

Part 3. Appendix

InterSystems IRIS OAUTH classes explained

In the previous part of our series we learned about configuring InterSystems IRIS to act as an OAUTH client as well as an authorization and authentication server (by means of OpenID Connect). In this final part of our series we are going to describe the classes implementing the InterSystems IRIS OAuth 2.0 framework. We will also discuss use cases for selected methods of the API classes.

The API classes implementing OAuth 2.0 can be separated into three different groups according to their purpose. All classes are implemented in the %SYS namespace. Some of them are public (via the % package); others are not and should not be called by developers directly.

0 comments, 1193 views, rating +5

We are building a bunch of REST based services using Ens 2016.2 to serve our browser based application (Angular 4).

Two questions:

1. The initial authentication seems to only work if credentials are placed in the URL parameters. Trying to use the Authorization header instead, the client code immediately complains about Access-Control-Allow-Origin. How can I resolve this?

 

2. After initial authentication, what is the proper way to send subsequent REST calls without having to include credentials every time?

I have Parameter UseSession As Integer = 1 in my service class, but what else do I need to do?

 

thank you

Last answer 12 April 2017 Last comment 24 April 2017
1112 views, rating +2

I am using OAuth2 Cache framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name 'googleapis.com' and SSL certificate values google.com…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

Last answer 2 November 2016 Last comment 2 November 2016
514 views, rating 0

This post is meant to provide a quick possible explanation for a very perplexing problem.

 

Scenario:  You’ve just created your own administrative user in your 2014.1 (or later) instance of Caché.  You gave it every possible security role (including %All), so it should in theory be able to do anything within the instance.

You’ve written a very advanced routine with a break command in it for debugging:

 

MyTestRoutine
            set ^MyInitGlobal = 1
            write "Hello, my name is..."
            break
            write "Steve"
            quit

Last comment 1 November 2016
251 views, rating +7

Presenter: Dan Kutac
Task: Use a common login identity and a central mechanism of authentication across environments from multiple entities
Approach: Provide examples and code samples of an application environment using OpenID Connect and OAuth 2.0
 

Description: In this session we will demonstrate an application environment using OpenID Connect and OAuth 2.0. Hear how this is done and what options you have; and yes, you get to keep the code.

Problem: How to use a common login identity (e.g. Facebook credentials) and a central mechanism of authorization across environments from multiple entities.

Solution: Create awareness and interest in using OAuth 2.0

 

Content related to this session, including slides, video and additional learning content can be found here.

Last comment 15 April 2016
323 views, rating 0

Presenter: Rich Taylor
Task: Use an LDAP schema that differs from the provided default
Approach: Give examples of customized LDAP schema development, using LDAP APIs and ZAUTHORIZE
 

In this session we explore the various options for working with LDAP as an authentication and authorization framework. We will look beyond the simple LDAP schemas into working with more complex LDAP configurations that incorporate application level security information.

 

Content related to this session, including slides, video and additional learning content can be found here.

Last comment 14 April 2016
218 views, rating 0