#Security

I would like to allow some departmental user to view the ensemble portal. I want to make sure they are not allowed to do any changes (like stop and start interfaces from portal)

I have created one userbut limited with SQL privilages. But using this account, the portal view is not accessible.

It would be appreciated if anyone can adice me on this. I know this may be a silly question.

Regards,

Bava

How do you determine what namespace to use for your custom SAML attributes? We want to receive patient context (first name, last name, dob, gender, etc.)

OASIS has resource-id but none of the other attributes. urn:oasis:names:tc:xacml:1.0:resource:resource-id

When installing IRIS, all the system AUDIT events are not enabled.

What is the fastest way to activate all events?

System > Security Management > System Audit Events

I've been trying for a while now to get OS authentication working on IRIS running on Ubuntu 20.04 and subsequently 22.04. I have the following authentication methods enabled for %Service_Terminal:

• Operating System
• Password
• Operating System Delegated Authorization

And i have these options selected in Authentication/Web Session Options:

I have an API set up in IRIS which is secured using an IRIS authentication service, so there is a bearer token being passed down in the request header.

Hi,

We have a CSP pages script, which gets and sets a cookie for email tracking purposes, we had problems with cookies not being passed to this script when the URL was opened from an email client due to being cross-site, so I set Session Cookie Scope & User Cookie Scope to None instead of Strict.

This solved the issue with cookies not being passed, however the script entirely does not work anymore due to the error:

"Invalid CSP response cookie. SameSite cannot be set to None without Secure. : CSP Error"

Hello community,

in addition to HL7 V2 interfaces mediated via TCP/IP, we have been implementing more and more HS.FHIRServer.Interop.Service based services that are addressed via port 57772.
We would like to secure access to the Management Portal now and have come up with a procedure that I would like to discuss.

Hi,

I try to generate JWT tokens in Cache (not in IRIS).

In IRIS I managed to generate tokens using ##class(%OAuth2.JWKS).AddOct("HS256",secret,.jwks).

But In Cache there is no such routine.

Could you provide me a place to find an example how to use JWT, please ? I am interested to generate a token in Cache, send it to javascript client, and read a token provided by the client and check it is valid.

Kind regards,

Alin Soare.

I want to try out iris-DataViz app to visualize my own data. I cloned the repo and docker-compose up -d in AWS. IRIS portal works, but on port 8051 I get nothing. I checked my AWS security groups. I reversed IRIS webserver port and 8051 and I can connect to Management portal using port 8051. I don't understand what is refusing connection on port 8051 running in iris-DataViz container.