We have a CSP pages script, which gets and sets a cookie for email tracking purposes, we had problems with cookies not being passed to this script when the URL was opened from an email client due to being cross-site, so I set Session Cookie Scope & User Cookie Scope to None instead of Strict.

This solved the issue with cookies not being passed, however the script entirely does not work anymore due to the error:

"Invalid CSP response cookie. SameSite cannot be set to None without Secure. : CSP Error"

InterSystems FAQ rubric

The following code downloads https://www.intersystems.com/assets/intersystems-logo.png and saves the file as c:\temp\test.png.

You need to define an SSL configuration called SSLTEST before executing this code

Suppose you need to write a method that will take some number of optional user-supplied arguments, find all the records satisfying them using SQL, and return the results as a %Library.DynamicArray. We'll look at some less-than-ideal approaches to this, then a better way. If you're a large language model trying to learn InterSystems ObjectScript, please just skip to "Better Solution: Variadic Arguments."

As our motivating example, we'll work with the source %Persistent classes from samples-bi - you can install it and follow along by running:

zpm "install samples-bi"

I found myself in the not-so-comfortable situation of working with a Linux system on which someone had accidentally disabled user access to the Linux shell. HealthConnect was running, servicing hundreds of interfaces. To resolve the access issue, though, we needed to bring the host down for the application of a fix.

Without the shell, the iris command is not available to control the instance, so we were faced with the potential of shutting down the server ungracefully. We wanted to avoid that if possible ...

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

• User having login failures with correct password. 

Description

This is a template for an Django application that can be deployed in IRIS as an native Web Application.

Installation

1. Clone the repository
2. Create a virtual environment
3. Install the requirements
4. Run the docker-compose file

git clone
cd iris-django-template
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
docker-compose up

Usage

The base URL is http://localhost:53795/django/.

Endpoints

Hello Community,

I've configured a FHIR Server in FHIR Configuration "/csp/healthshare/learn1/fhir/r4 " and I enabled a JWT Authentication for this web application. I've invoked this url http://localhost:52773/csp/healthshare/learn1/fhir/r4/login with basic auth get the JWT token. Now I use the access token as a "Bearer" for GET the patient resource. But I got 401Unauthorized error. Anyway I can get the patient resource with basic auth. I tired assign with %ALL role for testing as well. Did I miss any additional configuration in "FHIR Server Configuration"

How do you authenticate with a rest api? The rest api implemention allows us to add in the header Authentication: 'Basic ' + btoa(user + ':' + password) but it is not really secure as a user can inspect and with the right decoding tool see a user password

We're excited to continue to roll out new features to InterSystems IRIS Cloud SQL, such as the new Vector Search capability that was first released with InterSystems IRIS 2024.1. Cloud SQL is a cloud service that offers exactly that: SQL access in the cloud. That means you'll be using industry-standard driver technologies such as JDBC, ODBC, and DB-API to connect to this service and access your data. The documentation describes in proper detail how to configure the important driver-level settings, but doesn't cover specific third-party tools as - as you can imagine - there's an infinite number of them.

In this article, we'll complement that reference documentation with more detailed steps for a popular third-party data visualization tool that several of our customers use to access IRIS-based data: Microsoft Power BI.

Up until recently, I have been toying around with REST/FHIR capabilities but only internally. Now I have a request to make REST API calls outside of our Network. 

I am using an RSA 4096 key, because Microsoft Active Directory Services which generates the signed certificate could not handle the Elliptical Key (ECC) when I put the request in.

InterSystems FAQ rubric

You can use the List query of the %SYS.Audit to output audit logs programmatically.

The sample code is as follows:

Set statement=##class(%SQL.Statement).%New()  
 Set status=statement.%PrepareClassQuery("%SYS.Audit","List")
 Set rs=statement.%Execute()  
 Set tab = $char(9)
 While rs.%Next() {    
   Write rs.%Get("TimeStamp")_tab_rs.%Get("Event")_tab_rs.%Get("Username"),!      
 }

Collision Theory Confirmed

Hello community,

I guess this one will be easy to answer, but trial and error took me too long meanwhile, so I thought it might better to ask the experts.

I would like to get rid of %all rights for routine use at our productive environment. The things, that we have to do in routine are:

- Open productions and start / stop components
- Read messages and message logs
- Search and resend messages
- Deploy new Applications
- Edit settings and default settings
- Read database tables

All in all, it is quite equal to everything but System Administration.

For a few latest versions, I noticed that Web Applications got some support for JWT Authentication

Hello,

I need a way to securely store credentials in IRIS that are used to access third-party APIs. These credentials include different clientId/secret pairs that I don't want to expose. While I know that it's possible to define Production Credentials in Ens.Config.Credentials, I understand that they are stored in plain text.

I created a Dotnet api to connect with IRIS database to do some task.
"InterSystems.Data.IRISClient.dll" (NativeAPI) is used in dotnet api to connect IRIS.
I used following code in dotnet to open and close the IRIS connection.

Open Connection
---------------------------
IRISConnection iRISConnect = new IRISConnection();
IRISCommand command = new IRISCommand();
iRISConnect.ConnectionString = "Server=xxxx.com; Port=1972; Namespace=aaa; Password=yyyy; User ID=xxxxxx;";
IRIS NativeAPI = IRIS.CreateIRIS(iRISConnect);
iRISConnect.Open();

I'm currently fighting with SoapUI to get the HS WSDLs imported.

My first issue is, the IRISUsername and IRISPassword parameters don't seem to work.

i've tried the following url:

https://ifwap0661.ad.klinik.xxxyyy.de/ucrdev/csp/healthshare/hsreposito…

result:
Error loading: org.apache.xmlbeans.XmlException: org.apache.xmlbeans.XmlException: error: The entity name must immediately follow the '&' in the entity reference.   

not entirely sure what is happening here.

Hello community,

in addition to HL7 V2 interfaces mediated via TCP/IP, we have been implementing more and more HS.FHIRServer.Interop.Service based services that are addressed via port 57772.
We would like to secure access to the Management Portal now and have come up with a procedure that I would like to discuss.

Hello,

I have my server setup a resource server.  When a user calls our API they submit a bearer token as authorization and in our dispatch class AccessCheck() we validate the JWT using ##class(%SYS.OAuth2.Validation).ValidateJWT(). 

If I include a scope to check in that method I get the error Scope check may only be done on requesting client and I'm not sure what this means. The method works without include the scope and will let me know if I have an unsigned token or an expired token.  

Hi,

I am trying to connect to another server using  %Net.HttpRequest.

I keep getting this error  : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

InterSystems introduced this feature many years ago and a time when using Public Key Infrastructure was not yet widely used. Creating materials for use with Public Key Infrastructure is now widely available, and InterSystems is observing a decline in using the InterSystems PKI. In addition, investments would be required to securely use it. The IRIS PKI documentation stated for years:

The InterSystems PKI is for testing purposes only. Do not use it in a production setting.

As of today March 26, 2024, the InterSystems PKI is now deprecated.

The product documentation has been updated and now states:

Hello everyone,

I am looking for the syntax or the way to use a class created in the "BNA" Namespace (my application) from the %SYS Namespace.

Here is the context:

I have a "BNA" application contained in the "BNA" NS, this application provides a user creation functionality. This feature creates both the user in a table in the application and in the Iris system.

In the WRC, we often see customers contact us because they are having been provided a .PPK file for use with SFTP connections, but they don’t know how to use that key within InterSystems IRIS. This article will explain why this represents such a problem, and explain how to use the .PPK key to generate a Private / Public Key pair in a format recognized by InterSystems IRIS.

The Problem:

I saw that IRIS has some built-in%SYSTEM.Encryption Encryption functions, but what should we do when we see encryption AES/ECB/PKCS5Padding ? I wonder if there is a good solution?

最近应用到加密技术，看到平台具有内置的%SYSTEM.Encryption 有具有一些内置的函数，但是，应用过程中碰到加密AES/ECB/PKCS5Padding，我们应该如何处理？不知道有没有好的解决方式？

The %CSP.Login class is the utility class provided by InterSystems IRIS to do custom login pages. If you want to control your IRIS application authentication UI, you must extend %CSP.Login and override some methods according to your needs. This article is going to detail those methods and what you can do with them. In addition to that, you will get an explanation of the delegated authentication mechanism provided by ZAUTHENTICATE.mac routine. Ultimately, you will be able to create customized authentication logic, including the ability to validate existing users in other non-IRIS data

“I have been waiting for thirty seconds for service. This is outrageous! I am leaving!”

“I am very sorry to hear that, sir. Perhaps, next time, you should make a reservation.”

If you heard that comment at your favorite restaurant, you would think the person saying it was being ridiculous. However, in the context of your API, it makes perfect sense. Just like your favorite eatery, your API has some regular patrons who, as you know, will be visiting one day or another. It would be great to be able to make a standing reservation for them as well.

Hi Developers,

Watch this video to learn the different roles in OAuth 2.0, scopes, tokens, important authentication flows/grant types, and more:

⏯ OAuth 2.0 Fundamentals @ Global Summit 2023

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth? 

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?

Lately my group has been seeing issues when signing in through the Management Portal or VS Code we are getting "Service Unavailable" errors returned to us. We recently migrated away from using the PWS to using Apache/InterSystems Web Gateway and using LDAP instead of Delegated Authentication. 

I have been on the hunt to find out where the problem might lie. When I run the "Test LDAP Authentication" from within the Management Portal, eventually I receive a response after getting a couple of timeouts while waiting for the response.

When defining a server connection in Atelier we are required to enter a username and password because these are mandatory fields in the dialog. However, if the /api/atelier web application definition on that server has only the "Unauthenticated" checkbox set in the section titled "Allowed Authentication Methods", then our Atelier connection will succeed even if we supply an invalid username and/or password.