Over the past year or so, my team (Application Services at InterSystems - tasked with building and maintaining many of our internal applications, and providing tools and best practices for other departmental applications) has embarked on a journey toward building Angular/REST-based user interfaces to existing applications originally built using CSP and/or Zen. This has presented an interesting challenge that may be familiar to many of you - building out new REST APIs to existing data models and business logic.

12 34
6 1,359

Hi contestants!

We've introduced a set of bonuses for the projects for the Interoperability Contest 2021!

Here are projects that scored it:

Project

Basic Auth

Bearer/JWT

OAuth

Authorization

Auditing

Encryption

Docker

ZPM

Online Demo

Code Quality

Article on DC

Video on YouTube

Total Bonus

Nominal 2 3 5 2 2 2 2 2 3 1 2 3 29
appmsw-forbid-old-passwd 2 2 2 1 2 9
isc-apptools-lockdown 2 - - 1 2 5
passwords-tool 2 2 1 2 7
API Security Mediator 2 2 2 2 2 3 1 6 3 23
Audit Mediator 2 2 2 1 4 3 14
iris-disguise 2 2 1 4 3 12
iris-saml-example 5 2 2 2 3 1 2 17
Server Manager 3.0 Preview 2 4 6
appmsw-dbdeploy 2 2 1 2 7
Data_APP_Security 2 5 2 2 2 2 3 1 4 3 26
IRIS Middlewares 2 1 3
TimeTracking-workers 2 2 1 5
zap-api-scan-sample 2 1 4 3 10
https-rest-api 2 2

Please apply with your comments here in the posts or in Discord.

2 17
0 333
Question
Scott Roth · Jun 29, 2018
Adding TLS to ZAUTHENTICATE

I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.

1. Get User Attibutes from AD

2. Get User Groups From AD

So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues

1 14
0 392

I was running the %File:FileSet class query, with my development user, but I am unable to run this query for an application user. Does anyone know what resource or service is needed to run this query? Assume the user has access to a certain directory on the file system needed for the query.

On second though, having tried almost all the available resources and services, perhaps the user doesn't have access to the directory. How to tell when the error is this:

0 13
0 490

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

9 12
2 4,579

Hi, Community!

Suppose I have class A with properties P1 and P2.

I want to introduce class B, which would have same records as Class A, but only one property - P2.

What is the easiest way to manage it assuming that I would like to use Class A to add records and be available for any operations to Users with Role A.

And I would like to introduce class B for Users with role B for read-only access. Preferably they shouldn't even be aware of Class A and P1 existence .

What is the easiest way to introduce it and manage it?

0 10
0 613

I need to automate the handling of usernames passwords, serverNames etc for use in the sending and receiving of emails, logging into SFTP servers etc etc for use within COS code
To manage external passwords we could use LastPass or any other proprietary password loggers, but I need to be able to call them as part of the automation (COS code) and occasionally visually look them up to "remind" the staff of their passwords.

any suggestions as to the best class data constructs to handle this scenario. Should the whole table be encrypted, only the passwords etc.

0 9
0 383

Hi all, This is a bit embarrassing, and not that critical. I have a local instance of Caché 2016 on my computer, for playing around with. I was attempting to set up two-factor authentication on this instance, and I thought I simply disabled all users except for my own user and enabled two-factor for this user. The next time I tried to login to the Management portal, I received a Server Availability Error:

http://localhost:57772/csp/sys/UtilHome.csp

0 9
0 2,171
Question
Carl Tawn · Jul 16, 2020
Ensemble namespace permission

Hi,

I am attempting to set up a security role for our support team so they can have read access to the production and messages.

I have given the role RW rights on the resource associated with the database. However, when I log into Management Portal and select "Ensemble", the "Available Ensemble namespaces" list is empty.

What permissions do i need to set to be able to navigate to the production?

Thanks in advance,

Carl

Edit:

0 8
0 521

I know %CSP.Daemon is supposed to clean up old CSP sessions (?). In my management portal, under System/ License Usage, I see 33 "Units" used (and there are 33 licenses in use), but usernames from old IP address and that are not being used. Their active times are often in the millions of seconds. They are not "on" the system right now.

At most, only 3 users are on the system right now.

Are these supposed to be cleaned up? Can I clean them up programmactially, and how would I know if they're not active?

Thanks,

Laura

0 8
0 712

Hello everyone smiley

I have a server configuration in a CSP Gateway installed on a PC (let's call it S2) different from the main one (let's call it S1). This configuration allows me to access a web application that is installed on S1, from a client C asking S2 for this webapp. But for now it works only in HTTP between C and S2, and we would like to use HTTPS (as it already works between S2 and S1).

1 8
0 1,347

Hi everybody,

Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.

Thanks in advance,
Anna

1 8
0 210
Question
Smythe Smythee · Nov 14, 2022
SSL Configuration for Gmail

Hi Community,

I am configuring new SSL Configuration for Gmail (For sending errors to gmail in ensemble production) by following the below steps.

Step1:

Step2:Giving the server address smtp.gmail.com

Step3:Giving the port number , I have tried giving 465,587,25 as port number still is not connecting

Can anyone please tell me where i am doing wrong on configuration?

Thanks,

Saroja.A

0 7
0 414

When using Studio, ODBC or a terminal connection to Caché or Ensemble, you may have wondered how to secure the connection. One option is to add TLS (aka SSL) to your connection. The Caché client applications - TELNET, ODBC and Studio - all understand how to add TLS to the connection. They just need to be configured to do it.

Configuring these clients is easier in 2015.1 and later. I'm going to be discussing this new method. If you're already using the old, legacy method, it will continue to work, but I would recommend you consider switching to the new one.

23 7
2 4,849

I am trying to find documentation on how Cache Studio locks a Routine/Class a developer is editing.

On the flip side, I am looking for documentation on how Atelier does the same.

Ultimately I am looking for the differences and what happens if both Studio and Atelier through different developers go after the same Routine/Class.

I am not asking for an answer (however that would be nice), I am looking for pointers to documentation.

4 7
0 535

Hi,

Has anyone tried to call Security.Users class (in %SYS namespace) for creating or editing users from a shell script (or any programming language)?

If yes, can you please share your code?

We are trying to automate some stuff and would like to know how this worked for others.

Thanks,

Bharath Nunepalli.

1 7
0 231

I have a list of about 100 MPI IDs that I would like to run a report on. I want to list times that any data for these patients were accessed. Currently in "Managed Reports" we have a "Disclosure Report" which I think was a custom development effort, but it is per-patient.

I have a SQL query for the ATNA log but I'm not confident in its accuracy, so I thought I'd reach out and see how other Information Exchange's might get this data.

0 7
0 404