I have a question about using OnInit() within a Ens.BusinessOperation.

When you include OnInit(), does OnInit() only execute when you start a Business Operation? Or does it execute OnInit () every time you send a REST request to the operation. I am trying to pinpoint when the best time is to execute the POST command to get the Token

I am needing to get a Bearer Token from a REST POST call and return the Authorization key prior to making the rest of the REST calls to pull down data.

When not using OAuth, what have you done to get the Token prior to executing any Requests?

Thanks

Scott

Up until recently, I have been toying around with REST/FHIR capabilities but only internally. Now I have a request to make REST API calls outside of our Network. 

I am using an RSA 4096 key, because Microsoft Active Directory Services which generates the signed certificate could not handle the Elliptical Key (ECC) when I put the request in.

• Others in the Healthcare industry, how have you handled this when there isn't an API manager involved?
• Do you connect directly through the Interoperability Engine using a TLS key?

Has anyone noticed weird behavior when upgrading to HealthShare Health Connect 2024.1? 

Wednesday I upgraded our TEST environment from IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2022.1.4 (Build 812_0_22913U) [HealthConnect:3.5.0-1.m1] [HealthConnect:3.5.0-1.m1] to IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 267_2U) [HealthConnect:3.5.0-1.m1].

Some of our Business Processes have been throwing...

ERROR <Ens>ErrBPTerminated: Terminating BP EnterpriseDirDBWorkDayAppointmentBPL # due to error: ERROR #5002: ObjectScript error: <LIST>%SerializeObject+7

IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 267_2U) Tue Apr 30 2024 16:06:39 EDT [HealthConnect:7.2.0-1.r1]

I have a use case where Epic is sending an A60 Allergy transaction is set at the Patient level, but we have a system called VIBE which needs the ADT at an Encounter level instead. Currently we store ADT information in a MS SQL database for years, and we are querying it to get the latest Account Number to insert into the ADT^A60 for VIBE.

This MS SQL Visit Database was built over 20 years ago and is quite cumbersome to keep maintaining.

Have a question about the new Rule Editor within 2024.1... How are you able to edit the Target, it shows greyed out and when I click on the field it does not allow me to edit the field.

I would like to understand before I give my team a presentation tomorrow about if we should upgrade or not. Thanks

I am attempting to make a FHIR call against the Epic Repository through Intersystems. I have setup a Service client per Create FHIR REST Client | InterSystems Developer Community | Business

but I have set it up using OAuth and HTTPS.

I have verified that the OAuth works by executing it manually via a Terminal to verify I get a response. Of course, when I do it is writing to the ISCLOG

I am trying to now test making the FHIR call by initiating the test of HS.FHIRServer.Interop.HTTPOperation, however I keep getting mixed results with first a 404 not found error, and now a 401 unauthorized error.

I am trying to create my first call to our Epic FHIR Repository from Health Connect using Samples-FHIRStarter now that I have OAuth2.0 connection tested/working with our Epic Interconnect URL.

When I take a patient example from our Epic environment and test it through Data.BPL.PatientRecordCollector within the Namespace, I keep getting a 404 - File or directory not found 

as it tells me it cannot find the patient. So, I know the connection is being established, I just can't see what is being sent to Epic to see if I could test it through Postman.

Question for folks who have connected to an External FHIR repository outside of IRIS. Within the HS.FHIRServer.Interop.HTTPOperation there is not an option to include TLS or an OAuth authentication when connecting to an external Repository. So then how is that piece done if you need to Authenticate against an OAuth Server before you are able to access the data or call the Web Services/REST calls?

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me. 

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration. 

When I go through the following steps within the Terminal, I am getting the following error...

%SYS>kill ^ISCLOG
%SYS>set scope="openid fhirUser"
%SYS>set jwt = ##class(%SYS.OAuth2.Authorization).GetAccessTokenJWT("EpicFHIRPOC","1fd8f5cc-18ee-4eff-990d-4606037b932e",scope

I was not able to get IAM working on my Development Server because of issues with creating volumes as a Non root user, so I opted to run it within Docker on my WSL Ubuntu locally. I was able to get it running, however the Workspaces is empty, and the Dev Portal is not enabled.

At this point do I need to sign up for the free Kong Konnect? or what are the next steps?

Thanks

Scott

I downloaded IAM-3.4.2.0-5604.tar.gz from the Online Distribution site this morning, it the implementation to install it on our Development environment to see if it is a viable solution. Following the instructions, I have ran into an issue trying to make sure I am entering the information into the prompts correctly.

I have IRIS HealthShare Health Connect 2024.1 running locally using a Local Web Server, so when prompted I have entered the IP Address and port 443 is that correct? 

:>iam-setup.sh
Welcome to the InterSystems IRIS and InterSystems API Manager (IAM) setup script.

I am currently adding a field to our Existing messaging from Epic, however there might be a possibility I need to back load data into the Ancillary system. While I have the previous messages that can be sent, they do not have this additional field that I am adding to the message.

I can do a lookup against Epic Clarity SQL Database; however, I don't want to throw a wrench into the workflow if the system cannot connect to the Epic Clarity SQL Database.

• What is the best solution for this?

I am fairly new to using Docker, and instead of trying to get IIS, a Web Gateway, and Docker desktop working within my Windows environment, I thought I would try running it in a WSL2 Ubuntu environment since this is similar to how use it on my server. I have installed Apache and the Web Gateway on my WSL2 Ubuntu.

I went through Apache Web Gateway with Docker | InterSystems Developer Community however that is already bundled and requires TLS certificate setup which I don't care about since this is running locally on my machine.

Our 3M Computer Assisted Coding system goes down on a regular basis for updates, the Applications folks like us to Disable the Business Operations when this happens and start them back up when they page the on-call person. The Business Operations have to be started in a sequence to guarantee that all the ADT being sent it processed before we start sending everything else.

Has anyone noticed that when IRIS is forced down that the EnsLib.JavaGateway.Services do not properly shut down and release the ports? While we can write a shell script to kill the processes at the OS level, I was wondering if anyone experienced this issue.

We are working on our Mirroring setup/failover and had the team testing forcing the Primary down to make the Backup to become the Primary Server. When this happened and we failed back, IRIS could not restart the JavaGateway.Services because the ports were still in use.

Lately my group has been seeing issues when signing in through the Management Portal or VS Code we are getting "Service Unavailable" errors returned to us. We recently migrated away from using the PWS to using Apache/InterSystems Web Gateway and using LDAP instead of Delegated Authentication. 

I have been on the hunt to find out where the problem might lie. When I run the "Test LDAP Authentication" from within the Management Portal, eventually I receive a response after getting a couple of timeouts while waiting for the response.

Authenticated user roth16 10 times in 26.177111 seconds - 0.

We recently went through an Audit of our Security Policies and Procedures when it comes to IRIS. As a result of that Audit, we need to make adjustments to the way that Security is setup within IRIS. I have already done my changes on our TEST and DEVELOPMENT environments, but now I am trying to plan out how do we make these changes in Production.

These changes include moving away from the PWS, setting up Apache/Web Gateway, moving to LDAP instead of using Delegated Authentication, updating Web Applications, updating Resources, updating Services, etc.

Ran into an issue this morning, that I am having a hard time trying to track down what might have caused the issue. We have a Business Rule that sends HL7 ADT to a Business Process that inserts the data into a MS SQL Server using a Custom Business Operation (SQL Outbound Adapter).

Early yesterday morning the Custom Business Operation reset its connection through the Java Gateway Server to the MS SQL Database, when it reconnected to the Java Gateway/MS SQL Database it stopped processing. So, the Business Rule had over 40,000 queued up to process.

I had a question about using ZSTART, ZSTOP, and ZMIRROR.

• If we use them and it is not correct, does it mess up with any of the existing functionality?
• So, if I create a ZSTART with a simple command of starting the %JDBC Server will that mess up anything existing in the Startup sequence?
• Is ZSTART, ZSTOP, and ZMIRROR just an extension of the existing functionality, or does it alter how the built in functionality runs?
• Should we tread lightly in the use of them?

I downloaded containers.intersystems.com/intersystems/healthshare_providerdirectory:2023.2 to evaluate, however when I try to run the container it keeps

exiting. 

>docker run --name providerdirectory --user=irisowner --env=ISC_DATA_DIRECTORY=/intersystems/irisdata --runtime=runc -d containers.intersystems.com/intersystems/healthshare_providerdirectory:2023.2

I keep getting the following, and I am not sure why...

2024-01-17 20:36:20 [INFO] Executing command /home/irisowner/irissys/startISCAgent.sh 2188...
2024-01-17 20:36:20 [INFO] Writing status to file:

I am trying to work on a ZMIRROR that will execute a shell script to failover our VIP at the hardware level when NotifyBecomePrimary occurs.

ZMIRROR ; Custom logic for specific mirroring events
 q
 ;
NotifyBecomePrimary() PUBLIC {
 #;This procedure is called as a notification when this system becomes Primary.
 #;It does not return any value.
 #; invoke the command to select this host for running the crontab
 try {
	Set cmd = "/usr/local/sbin/failover-intengtest-vip_SR"
	d $ZF(-100,"/SHELL /LOGCMD /STDOUT=/archive/logs/failover-intengtest-vip.

Within a DTL is it possible to access and update the Message Header properties of an EnsLib.HL7.Message?

Currently we have multiple EMR Services for each environment sending to 1 Business Process to Normalize the data, then it is sent to another Business Process to route the data. 

Since the SourceConfigName changes with every send to a Business Process, I am looking for a way to maintain the SourceConfigName of the SessionID so I know how to direct the message.

I am trying to write a ZMIRROR routine that makes a shell script call using $ZF

     Set cmd = "/usr/local/sbin/failover-intengtest-vip"
     Do $ZF(-100,"/ASYNC /SHELL",cmd)

The script I am calling is returning an output to the screen, how do I get around this using $ZF without having to rewrite the scripts?

Thanks

Scott

Outside of the learning module for IAM, I would like to give it a try with Community Edition on my own however the Community Edition License does not include it.

Has there been any discussion on allowing Company's Demo IAM through Community Edition before they get the license?

Thanks

Scott

I am trying to troubleshoot an issue with LDAP and a specific user. Besides what is in the Audit Database is there another way to look to see the LDAP functionality that is being called and the response, like there is with OAuth and the ISCLOG? The Audit Log is returning a failure (Unexpected - /api/atelier login failure | InterSystems Developer Community) for this particular user, and I want to get proof that it might be something with the LDAP and not IRIS.

Thanks

Scott

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

• User having login failures with correct

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does 

GetAuthorizationCodeEndpoint

and 

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

With System Alerting and Monitoring (SAM) being deprecated in the near future..

• What is everyone's go-to for Monitoring IRIS? 
• What is readily available?
• What is the cost surrounding it?

Just trying to get ideas floating around of what we might need to start looking at to satisfy IT leadership.

Thanks

Scott

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect. 

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

We are moving away from Delegated Authentication in which I stored a username and password for our LDAP in a GLOBAL to be called by ZAUTHENTICATE.

Is there a way to pull in that GLOBAL into the LDAP Configuration within the Managment Portal instead of having to manually enter it? There seems to be an issue with Copy/Paste that the password isn't being set correctly when I use Copy/Paste.

Else I just export/import the LDAP Configuration from 1 server to another and manually update the Certificate to point to the correct file.

Thanks

Scott