Hello,

I have my server setup a resource server. When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT().

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.

0 4
0 51

Hello everyone,

I am looking for the syntax or the way to use a class created in the "BNA" Namespace (my application) from the %SYS Namespace.

Here is the context:

I have a "BNA" application contained in the "BNA" NS, this application provides a user creation functionality. This feature creates both the user in a table in the application and in the Iris system.

0 9
0 229
Question
· Apr 26, 2021
Encryptions in IRIS

I saw that IRIS has some built-in%SYSTEM.Encryption Encryption functions, but what should we do when we see encryption AES/ECB/PKCS5Padding ? I wonder if there is a good solution?

最近应用到加密技术,看到平台具有内置的%SYSTEM.Encryption 有具有一些内置的函数,但是,应用过程中碰到加密AES/ECB/PKCS5Padding,我们应该如何处理?不知道有没有好的解决方式?

0 4
0 341

Hi,

I am trying to connect to another server using %Net.HttpRequest.

I keep getting this error : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

0 0
0 76

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

1 0
0 75

Hi,

Our application needs to create system users from a request form.

To use Security classes, it is necessary to have rights to use the %SYS namespace, which is not the case for users who validate requests.

It is not desirable for these users to have this role permanently, so I proceeded as follows:

I created a facade class for the Security.Users, Security.Roles, Security.Resources classes which allows me to log in with an authorized user on the NS %SYS

Here is an example method:

1 7
0 183

Hi community,

I´ve setup a local FHIR server via the framework functionality und set a service config name for the created endpoint since I plan to use a production based FHIR server. I´ve created an additional ressource "FhirClientRessource" and role "FhirClientRole" as well as a user named "FhirClient". The Role resource "FhirClientRessource" ist set as "required resource" in the FHIR server configuration page. The user "FhirClient" is member of the Role "FhirClientRole" which in turn holds RWU priveliges on the "FhirClientRessources".

0 4
0 144

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 7
0 599
Question
· Oct 20, 2023
Installation User

Will it hurt anything if I disable the user that installed IRIS, within IRIS? Does this cause a problem with background processes running or with the restart? I know the _Ensemble user is used to start/stop/restart objects within IRIS, just didn't see anything in the documentation about the user that installed IRIS.

Thanks

Scott

0 1
0 128

I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.

I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested

0 2
0 201

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

0 3
0 140

My original ZAUTHENTICATE.mac to use Delegated sign on did not include GetCredentials(), however I am being told it probably should have it so I am eliminate an error I am seeing when trying to troubleshoot the ZAUTHENTICATION. I am trying to add the GetCredentials() from the documentation to the existing ZAUTHENTICATE.mac but I am getting an error

0 7
0 242
Question
· Jun 15, 2016
Oauth 1.0 library

I am in need of a routine or class method to generate an Oauth 1.0 signature. I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE 06/28/2016]

1 3
0 500

Hello,

We currently have the following scenario: We have a bussiness SOAP Operation, where we get a SAML String and we convert it into a %SAML.Assertion object correctly.

👩‍💻👨‍💻 We would need to send the SAML Assertion inside the SOAP Header to the Target System.

First of all thanks for reading, and thanks for answering.

We currently have opened Log Soap and we do not observe it being added to the SOAP Header, as you would observe in the following Log Soap:

0 1
0 151

Good afternoon,

first thank you from heart and mind, mind and heart; for reading, thinking, reflecting, responding, and above all explaining a possible solution and/or documentation to address this doubt.

We would need a way to get inside a SOAP Web Service the SAML Assertion, and then, send it directly to the endpoint throught a SOAP Operation.

Currently we have researched and developed how to get the SAML Assertion with the following code:

0 1
0 194

Recently i've been using Restforms2 to create a CRUD API for a project. But it lacks some advanced functionality that we need, so we have created a production with a REST WS which handles those advanced methods. That works great but there's a drawback, it does not have authentication.

I would want to use the same authentication method as Restforms2 which is a basic auth using IRIS users and passwords.

0 4
0 451
Question
· Nov 14, 2022
SSL Configuration for Gmail

Hi Community,

I am configuring new SSL Configuration for Gmail (For sending errors to gmail in ensemble production) by following the below steps.

Step1:

Step2:Giving the server address smtp.gmail.com

Step3:Giving the port number , I have tried giving 465,587,25 as port number still is not connecting

Can anyone please tell me where i am doing wrong on configuration?

Thanks,

Saroja.A

0 7
0 599
Question
· Nov 30, 2022
Delegated Users

In our current UCR arhcitecture, we use two installations. We have one machine with Access, Registry and Edges and one machine with the ODS. On the machine with the Registry, I can create a user/clinician. When I log into the management portal with this user, a so-called delegated user is created in the cached users table. So far everything is going well.

When I try the same on the machine with the ODS I get the message : 'ERROR #822: Access Denied' . so no delegated user is created.... Does anyone have any idea where I can find the solution?

1 1
0 273