go to post Scott Roth · Dec 15, 2023 Didn't give me any more additional information on the error besides what was in the Audit Database, but thanks.
go to post Scott Roth · Dec 11, 2023 Yes %Development resource is set as part of the Role he is assigned from the detail we get from LDAP. The user is not really the issue I have at the moment, I am trying to track down why UnknownUser keeps trying to access the Gateway.
go to post Scott Roth · Dec 11, 2023 Yes... I have no issues with VSCode, its just the one user. The issue with the user I believe is with LDAP not InterSystems as the same error happens when trying to sign into the Management Portal, periodically. Does /api/atelier need to have unauthenticated turned on? Why am I seeing the ERROR #815: User not authorized for service %Service_WebGatewayWeb Application: /api/atelier I don't want Unauthenticated users to access the system or be able to get through the Web Gateway at all...
go to post Scott Roth · Dec 3, 2023 Yes I am attempting to connect to Epic Interconnect using OAuth 2.0. I created an internal backend application on vendor services and supplied it with a public key I had generated from our IRIS server. I just haven’t found the right sequence of code or syntax for the request to happen yet. I’m working with WRC but since Epic suggested using JWT and our systems team doesn’t have a jwks setup it’s been kind of a hard thing to figure out.
go to post Scott Roth · Nov 30, 2023 We have a shell script that we executes that signs in via Terminal and calls EnableConfigItem to start or stop an Object within IRIS. We found that running this at the OS level allows us to be more multithreaded than the Scheduler within IRIS.
go to post Scott Roth · Nov 28, 2023 Thanks, yes I know /api/monitor/metrics would still be available, I was just wondering on which programs folks were using to ingest the data from /api/monitor/metrics/.
go to post Scott Roth · Nov 17, 2023 I was able to get past the ERROR #5659: Property 'OAuth2.AccessToken::SessionId(6@OAuth2.AccessToken,ID=)' required by specifying an ID at the end of the request... %SYS>set url = ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint("EpicFHIRPOC",scope,OAUTHURL,.properties,.isAuthorized,.sc,,123) so the sc returns 1, however isAuthorized is still returning 0. If I run IsAuthorized, I am not seeing any errors. Am I taking the correct steps? How do I get the Token?
go to post Scott Roth · Nov 9, 2023 It is possible to setup Apache to listen for 52773 instead of 80, so why wouldn't calls to port 52773 go through Apache if it is configured to listen for port 52773?
go to post Scott Roth · Nov 9, 2023 Since everyone on the team uses the URL that contains the port number of 52773, I was trying to make it possible for them not to have to update their bookmarks they already use. Seamless transition to encrypting the traffic between their web browser and the server.
go to post Scott Roth · Oct 30, 2023 We have turned off Telnet, and use ssh to connect to our servers, then open a terminal prompt by running... :>iris session <name space> There are many different clients out there from Windows Terminal, Cygwin, MobaXTerm, XWin32, even Windows Powershell would work with ssh. It all a matter of preference...
go to post Scott Roth · Oct 26, 2023 FHIR is still has the reach the level of maturity that 2.3 had. While the technology is nice, it is still more query based than transactional based in my dealings with understanding the flow. How is an application to know a Patient to query if it does not have enough information to begin the query into FHIR.
go to post Scott Roth · Oct 19, 2023 How do you setup Apache to know the VIP has been moved to one of the other servers? If you include the VIP in the ServerAlias settings in Apache then when a user connects to the VIP, Apache wont know which server to connect to.
go to post Scott Roth · Oct 12, 2023 How did you configure the web gateway to do this? Each web gateway is configured to talk to the local Health Connect instance, irrespective of it being primary, secondary or DR at any time. So, when have to access the primary, we go via the VIP URL -> the request lands on the IIS for the primary instance and that is passed on to the local Health Connect instance.
go to post Scott Roth · Oct 9, 2023 It is something with the password that is setup during the Install process vs the password that is on the user. I installed IRIS with setting the password as a default, verified that I could get into the Web Gateway Management, but as soon as I changed the password through the Security within the Management portal, I could no longer get into the Web Gateway Management. So do I have to modify the CSP.ini somehow to tell it to use the LOCAL password, vs the SYSTEM password?
go to post Scott Roth · Oct 6, 2023 I tracked down the issue to %Service_Login being disabled, as I thought this service was just used for API calls and not internally.
go to post Scott Roth · Oct 6, 2023 _Ensemble is being called when I try to Enable/Disable/Restart an Object within the namespace, I don't think it can be changed.
go to post Scott Roth · Oct 6, 2023 While thinking about this, I am wondering if using an encryption key might be a possible solution as well that way there is limited access to the password, and the key would just have to be regulated to be updated every so often. With using a AD service account, the password still needs to be updated or kept up to date, and still needs to be passed into the shell script for Terminal to open. I have submitted the following IDEA... https://ideas.intersystems.com/ideas/DPI-I-466
go to post Scott Roth · Sep 21, 2023 I have figured out our LDAP configuration to move our users over to use the standard LDAP built in functionality instead of using the ZAUTHENTICATE that I had built.
