Is it possible restrict access in IRIS from label data classification (ultra/top secret, restrict, ostensive, etc.)?

Hello,

We currently have the following scenario: We have a bussiness SOAP Operation, where we get a SAML String and we convert it into a %SAML.Assertion object correctly.

👩‍💻👨‍💻 We would need to send the SAML Assertion inside the SOAP Header to the Target System.

First of all thanks for reading, and thanks for answering.

We currently have opened Log Soap and we do not observe it being added to the SOAP Header, as you would observe in the following Log Soap:

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

According to the Cambridge dictionary, tokenize data is "to replace a private piece of data with a token (= a different piece of data that represents the first one), in order to prevent private information being seen by someone who is not allowed to do so" (https://dictionary.cambridge.org/pt/dicionario/ingles/tokenize).

Be in touch with InterSystems and receive alerts, advisories and product news quickly. The process is really simple:

I've been trying for a while now to get OS authentication working on IRIS running on Ubuntu 20.04 and subsequently 22.04. I have the following authentication methods enabled for %Service_Terminal:

• Operating System
• Password
• Operating System Delegated Authorization

And i have these options selected in Authentication/Web Session Options:

Hi,

I am trying to connect to another server using %Net.HttpRequest.

I keep getting this error : SSL23_GET_SERVER_HELLO:unsupported protocol.

My guess is that the site I am reaching for uses TLS1.3 which is not supported in 2016, But I cant right now ask my client to upgrade.

Is it possible to override this ? install some kind of a patch or a more recent version of openssl on the server ?

Thanks

Amiram

Hi,

I have a case where the Active Directory Service Account passwords will be changed periodically every 3 months and the changes are shared via the LastPass application which requires logging into the app to retrieve the new password and manually entering it into the Interoperability Credentials configuratrion, or the Service Registry.

IRIS can use a KMS (Key Managment Service) as of release 2023.3. Intersystems documentation is a good resource on KMS implementation but does not go into details of the KMS set up on the system, nor provide an easily followable example of how one might set this up for basic testing.

The purpose of this article is to supplement the docs with a brief explanation of KMS, an example of its use in IRIS, and notes for setup of a testing system on AWS EC2 RedHat Linux system using the AWS KMS. It is assumed in this document that the reader/implementor already has access/knowledge to set up an AWS EC2 Linux system running IRIS (2023.3 or later), and that they have proper authority to access the AWS KMS and AWS IAM (for creating roles and polices), or that they will be able to get this access either on their own or via their organizations Security contact in charge of their AWS access.

Is it possible to authenticate an xDBC (ODBC/JDBC) connection to InterSystems IRIS via (a 3rd party) OAuth server?

For REST APIs this is possible, but could this be achieved with OAuth?

Out-of-the-box the ODBC/JDBC Drivers don't seem to have this option, but maybe some custom code could enable this? perhaps via Delegated Authentication and some OAuth classes customization, or some other way?

Has anyone done this already and can share how it was implemented, or someone with some guideline suggestions?