Security

I used the soap wizard to create a web client based on the wsdl.  I was able to get a valid response back, and now it looks like the error is in decrypting the soap message response "inbound"

ERROR #6284: Security header error: SecurityTokenUnavailable.

Hello,

I am working on Ensemble 2017.2.1 .
I need to export my security settings into an extern database, in order to make a report.

I've created a Business Operation with an SQL Adapter into a Namespace, but I don't know how to get every security data from "%SYS" Namespace  ( SQLPrivileges , Resources , Roles , Services , Users ... ).

I dont't want to use the terminal and the ^SECURITY routine, because i don't want to store a XML file on the server.

Hi,

Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?

Thanks
Kiran Kumar

There's an easy new way to add certificate authority (CA) certificates to your SSL/TLS configurations on InterSystems IRIS 2019.1 (and 2018.1.2) on Windows and Mac.  You can ask IRIS to use the operating system's certificate store by entering:

%OSCertificateStore

in the field for "File containing Trusted Certificate Authority X.509 certificate(s)".   Here's an image of how to do this in the portal:

How can you allow computers to trust one another in your absence while maintaining security and privacy?

“A Dry Martini”, he said. “One. In a deep champagne goblet.”
“Oui, monsieur.”
“Just a moment. Three measures of Gordons, one of vodka, half a measure of Kina Lillet. Shake it very well until it’s ice-cold, then add a large thin slice of lemon peel. Got it?”
"Certainly, monsieur." The barman seemed pleased with the idea.
Casino Royale, Ian Fleming, 1953

OAuth helps to separate services with user credentials from “working” databases, both physically and geographically. It thereby strengthens the protection of identification data and, if necessary, helps you comply with the requirements of countries' data protection laws.

With OAuth, you can provide the user with the ability to work safely from multiple devices at once, while "exposing" personal data to various services and applications as little as possible. You can also avoid taking on "excess" data about users of your services (i.e. you can process data in a depersonalized form).

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:  

The .NET Core Identity model has an IPasswordHasher<> interface for  for 

• Hashing a password so that it can be stored in a database
• Verifying a provided plain-text password matches a previously stored hash. 

I am getting invalid password errors during the login process when the .NET Core Identity model computes a hash from a plain text input and compares it to a password hash value I've returned from Caché. The default hashing algorithm is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, and 10,000 iterations (detailed article on .NET Core Identity PasswordHasher). The algorithm Caché uses is probably different which may be why I am getting errors.

Just wondering if anyone knows if there is a way to get daily emails or alerts about changes to a cache database.  I know that all of that information is contained within the journal files, just wondering if there is a way to bundle it up each day and send it off for auditing, etc.

Any solution where a plain-text/readable format of changes to the cache database could be sent or stored for review would solve the issue.

Thanks!

Hi All,

I want to implement SOAP authentication and Security. Please let me know what are all the  best ways to Implement it.

Advance thanks,

Hello,

I have a very simple web service that I'd like to secure via SAML Authorization with X.509 Certificates. I am, however struggling with documentation and my lack of cryptographic skills. (I do this just for educational purposes now, but need to use it in the future)

Does anyone have an example that shows how to construct a SOAP Client with adding all necessary security headers manually or point me to a decent learning resource?

Thank you very much!

Hello everyone

I have a server configuration in a CSP Gateway installed on a PC (let's call it S2) different from the main one (let's call it S1). This configuration allows me to access a web application that is installed on S1, from a client C asking S2 for this webapp. But for now it works only in HTTP between C and S2, and we would like to use HTTPS (as it already works between S2 and S1).

Hi,

I am trying to create a user role which shall allow users the access to only one specific namespace in an Ensemble system. I´ve startet creating the namespace with a database (with own ressource and no public access). In the second step I´ve created a role by copying it from the predefined role %Developer and assigned the ressource of the created database. After that i´ve created a user and assign him to the created role.

Hi guys,

Couple days ago, a customer approached me with the wish to enhance their existing legacy application, that uses SOAP (Web)Services so it shares the same authorization with their new application API based on REST. As their new application uses OAuth2, the challenge was clear; how to pass access token with SOAP request to the server.

After spending some time on Google, it turned out, that one of possible ways of doing so was adding an extra header element to the SOAP envelope and then making sure the WebService implementation does what is needed to validate the access token.

Hi All,

Can someone help me getting the security features & standards which InterSystmes Cache adheres to ISO 27001 & other security & privacy standards.

Also if you can tell me the algorithm used for database encryption & key strength by default.

This is required for a security audit.

Thanks in advance.
Ashish