#Security

Hi,

I'm trying to create a user with access to the HS namespaces management portal.
I'm having trouble identifying the correct resource to assign to the user. I'm testing various resources, but every time I go to the HS management section, a blank page appears, and the Home button disappears.

Hi all,

I'm performing a migration of some services from one instance to another, and I noticed that the technique defined within the InterSystems Server Migration Guide does not include OAuth client configurations. The recommended technique is to use the ##class(Security.System).ExportAll() and ##class(Security.System).ImportAll() methods.

Is there a way to migrate OAuth client configurations, or do those have to be re-created manually?

Hi,

I try to generate JWT tokens in Cache (not in IRIS).

In IRIS I managed to generate tokens using ##class(%OAuth2.JWKS).AddOct("HS256",secret,.jwks).

But In Cache there is no such routine.

Could you provide me a place to find an example how to use JWT, please ? I am interested to generate a token in Cache, send it to javascript client, and read a token provided by the client and check it is valid.

Kind regards,

Alin Soare.

We have a CSP pages script, which gets and sets a cookie for email tracking purposes, we had problems with cookies not being passed to this script when the URL was opened from an email client due to being cross-site, so I set Session Cookie Scope & User Cookie Scope to None instead of Strict.

This solved the issue with cookies not being passed, however the script entirely does not work anymore due to the error:

"Invalid CSP response cookie. SameSite cannot be set to None without Secure. : CSP Error"

How do you authenticate with a rest api? The rest api implemention allows us to add in the header Authentication: 'Basic ' + btoa(user + ':' + password) but it is not really secure as a user can inspect and with the right decoding tool see a user password

I'm currently fighting with SoapUI to get the HS WSDLs imported.

My first issue is, the IRISUsername and IRISPassword parameters don't seem to work.

i've tried the following url:

https://ifwap0661.ad.klinik.xxxyyy.de/ucrdev/csp/healthshare/hsrepositor...

Hello,

I have my server setup a resource server. When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT().

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.

I saw that IRIS has some built-in%SYSTEM.Encryption Encryption functions, but what should we do when we see encryption AES/ECB/PKCS5Padding ? I wonder if there is a good solution?

最近应用到加密技术，看到平台具有内置的%SYSTEM.Encryption 有具有一些内置的函数，但是，应用过程中碰到加密AES/ECB/PKCS5Padding，我们应该如何处理？不知道有没有好的解决方式？

Hi,

Our application needs to create system users from a request form.

To use Security classes, it is necessary to have rights to use the %SYS namespace, which is not the case for users who validate requests.

It is not desirable for these users to have this role permanently, so I proceeded as follows:

I created a facade class for the Security.Users, Security.Roles, Security.Resources classes which allows me to log in with an authorized user on the NS %SYS

Here is an example method:

I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.

I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested

My original ZAUTHENTICATE.mac to use Delegated sign on did not include GetCredentials(), however I am being told it probably should have it so I am eliminate an error I am seeing when trying to troubleshoot the ZAUTHENTICATION. I am trying to add the GetCredentials() from the documentation to the existing ZAUTHENTICATE.mac but I am getting an error

When installing IRIS, all the system AUDIT events are not enabled.

What is the fastest way to activate all events?

System > Security Management > System Audit Events

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

I know it is possible get the user using ##class(Security.Users).Get("username"), but I need to get a user by your email. How Can I get a user by email?