Hello community,

I guess this one will be easy to answer, but trial and error took me too long meanwhile, so I thought it might better to ask the experts.

I would like to get rid of %all rights for routine use at our productive environment. The things, that we have to do in routine are:

- Open productions and start / stop components
- Read messages and message logs
- Search and resend messages
- Deploy new Applications
- Edit settings and default settings
- Read database tables

Hello,

I need a way to securely store credentials in IRIS that are used to access third-party APIs. These credentials include different clientId/secret pairs that I don't want to expose. While I know that it's possible to define Production Credentials in Ens.Config.Credentials, I understand that they are stored in plain text.

IRIS makes SIEM systems integration simple with Structured Logging and Pipes!

Hello community,

in addition to HL7 V2 interfaces mediated via TCP/IP, we have been implementing more and more HS.FHIRServer.Interop.Service based services that are addressed via port 57772.
We would like to secure access to the Management Portal now and have come up with a procedure that I would like to discuss.

Hi,

I am trying to connect to another server using %Net.HttpRequest.

I keep getting this error : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

Hello everyone,

I am looking for the syntax or the way to use a class created in the "BNA" Namespace (my application) from the %SYS Namespace.

Here is the context:

I have a "BNA" application contained in the "BNA" NS, this application provides a user creation functionality. This feature creates both the user in a table in the application and in the Iris system.

I saw that IRIS has some built-in%SYSTEM.Encryption Encryption functions, but what should we do when we see encryption AES/ECB/PKCS5Padding ? I wonder if there is a good solution?

最近应用到加密技术，看到平台具有内置的%SYSTEM.Encryption 有具有一些内置的函数，但是，应用过程中碰到加密AES/ECB/PKCS5Padding，我们应该如何处理？不知道有没有好的解决方式？

“I have been waiting for thirty seconds for service. This is outrageous!

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

When defining a server connection in Atelier we are required to enter a username and password because these are mandatory fields in the dialog. However, if the /api/atelier web application definition on that server has only the "Unauthenticated" checkbox set in the section titled "Allowed Authentication Methods", then our Atelier connection will succeed even if we supply an invalid username and/or password.

So far, we have covered how to use ObjectScript to manage users, roles, resources, and applications. There are a few other classes in this package that work similarly to the ones mentioned above. However, these four classes are the ones everyone will have to use to manage their application security.

IRIS can use a KMS (Key Managment Service) as of release 2023.3. Intersystems documentation is a good resource on KMS implementation but does not go into details of the KMS set up on the system, nor provide an easily followable example of how one might set this up for basic testing.

The purpose of this article is to supplement the docs with a brief explanation of KMS, an example of its use in IRIS, and notes for setup of a testing system on AWS EC2 RedHat Linux system using the AWS KMS. It is assumed in this document that the reader/implementor already has access/knowledge to set up an AWS EC2 Linux system running IRIS (2023.3 or later), and that they have proper authority to access the AWS KMS and AWS IAM (for creating roles and polices), or that they will be able to get this access either on their own or via their organizations Security contact in charge of their AWS access.

Hi,

Our application needs to create system users from a request form.

To use Security classes, it is necessary to have rights to use the %SYS namespace, which is not the case for users who validate requests.

It is not desirable for these users to have this role permanently, so I proceeded as follows:

I created a facade class for the Security.Users, Security.Roles, Security.Resources classes which allows me to log in with an authorized user on the NS %SYS

Here is an example method:

I have a case where the Active Directory Service Account passwords will be changed periodically every 3 months and the changes are shared via the LastPass application which requires logging into the app to retrieve the new password and manually entering it into the Interoperability Credentials configuratrion, or the Service Registry.