Hi There,

I am reaching out to the community to see if anyone has implemented SSO via SAML into TrakCare from Azure AD?

Also looking to see if anyone has come across automated role provisioning, I have seen this from an IRIS perspective but not directly into TrakCare.

Thanks in Advance



0 2
0 111

we have a issue with just the 1 namespace, where users log using ldap but arent getting any roles assigned to them.

Ldap does work as the user account is created as a ldap user.

I have gone through the various settings to check that all is setup as required, but cant find a reason why the roles arent being assigned.

0 1
0 103
Scott Roth · Jan 23, 2019
Single Sign On (SSO)

Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.



0 3
0 866

Reference: sample LDAP code routine LDAP.mac

Some IF statements reference macro $$$WindowsCacheClient as a boolean flag to mark if the client calling the LDAP server is running Windows. Other IF statements reference $$$ISWINDOWS. Are they not the same thing? That is, does the routine need $$$WindowsCacheClient at all?


#define WindowsCacheClient 1

0 2
0 132

Some key points are emphasized in this article in order to save your time to get linux ldap client in cache working with windows AD (active directory) LDAP server.
The first thing to do is to get successful TLS connection to windows AD.
Raw tcp case is beyond of this article, there is no problem with it, it is trivial.
Windows ldap server uses port 636 for tls and this port can be used to get ldap certificate.
As we will see later there is reason for this.
linux ldap client uses STARTTLS special ldap extension to switch plain tcp to TLS only.

9 2
1 2,231

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

0 5
0 157

I am facing issue during LDAP lookup like whenever I used product group parameter in AD explorer to search data from application I am getting empty result. If I set product group parameter as null then based on distinguished name result is generated in application. So if anyone knows about how LDAP works and how parameters are set in AD explorer then please let me know.

Thanks in advance.

0 1
0 225

Have enabled LDAP for our numerous , Ensemble, IRIS and cache instances with many namespaces. All is working fine and the ldap logins work.

But have noticed that the first instance that the user logs into the namespace is assigned to that user, but when that user than logs into another instance the default namespace from the first login is still there and doesn't update to the new namespace.

So this doesn't effect the ldap login but is now effecting the terminal logins where the user is now getting access denied.

0 1
0 220

Hello everyone,

i am in process of changing our authentication method, so we can integrate our AD authentication in our programs. At the moment i am using they %SYS.LDAP object, and trying to use the .Bind() method with the user information to authenticate. This seems to work without issues, but here the problems start.

0 1
0 302

Has anyone worked out a way to use LDAP to define the default namespace on multiple servers? I know that documentation says that intersystems-Namespace-xxx only supports one namespace, but how is this useful? Any workaround to say have intersystems-Namespace-server1-namespaceA and intersystems-Namespace-server2-namespaceB? Is it best practice to use the same "namespace" on every server?


0 1
0 198

From the first glance, the task of configuring LDAP authentication in Caché is not hard at all – the manual describes this process in just 6 paragraphs. On the other hand, if the LDAP server uses Microsoft Active Directory, there a few non-evident things that need to be configured on the LDAP server side. Those who don’t do anything like that on a regular basis may get lost in Caché settings. In this article, we will describe the step-by-step process of setting up LDAP authentication and cover the diagnostic methods that can be used if something doesn’t work as expected.

4 3
2 1,796
sansa stark · Oct 9, 2018
SID Conversion

Hi all,By using LDAP cache method ##Class(%SYS.LDAP).GetValuesLen(LD,CurrentEntry,Attribute) we get the list of attributes but in "ObjectSid" attribute have the SID in binary format(objectSid^U¤:c@ãºþÕLCP]). how to convert to the readable format from the binary format in cache side.
Please help us to proceed further

0 3
0 243
sansa stark · Sep 13, 2018
Authentication Error

Hi All,
I tried to execute the ##Class(%SYS.LDAP).Binds(LD,"",$lb(Username,Domain,Password),$$$LDAPAUTHNEGOTIATE) but this command is returning the value as 7 only instead of 0,7 is an "Authentication Method Not Supported",How to recover it and why this error message is occuring
Please help me

0 3
0 310
Scott Roth · Jun 29, 2018

I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.

1. Get User Attibutes from AD

2. Get User Groups From AD

So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues

1 14
0 387

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?



0 10
0 503

I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.


Scott Roth

0 1
0 463


I am getting the following error while logging in using LDAP authentication,

"An error occurred with the CSP application and has been logged to system error log (^ERRORS)". I've set the connection up and using Authentication Test was successful. I seem to be able to login as well but keep getting that error. If I allows unauthenticated access then the page works but changing it to LDAP is not working.

The LDAP account once created in Cache has U access to the resource related with the web application.

0 1
0 543