We recently went through an Audit of our Security Policies and Procedures when it comes to IRIS. As a result of that Audit, we need to make adjustments to the way that Security is setup within IRIS. I have already done my changes on our TEST and DEVELOPMENT environments, but now I am trying to plan out how do we make these changes in Production.

These changes include moving away from the PWS, setting up Apache/Web Gateway, moving to LDAP instead of using Delegated Authentication, updating Web Applications, updating Resources, updating Services, etc...

1 4
0 200

Ran into an issue this morning, that I am having a hard time trying to track down what might have caused the issue. We have a Business Rule that sends HL7 ADT to a Business Process that inserts the data into a MS SQL Server using a Custom Business Operation (SQL Outbound Adapter).

1 2
0 242

I had a question about using ZSTART, ZSTOP, and ZMIRROR.

  • If we use them and it is not correct, does it mess up with any of the existing functionality?
  • So, if I create a ZSTART with a simple command of starting the %JDBC Server will that mess up anything existing in the Startup sequence?
  • Is ZSTART, ZSTOP, and ZMIRROR just an extension of the existing functionality, or does it alter how the built in functionality runs?
  • Should we tread lightly in the use of them?
2 7
1 413
Question
· Dec 14, 2023
LDAP Logging

I am trying to troubleshoot an issue with LDAP and a specific user. Besides what is in the Audit Database is there another way to look to see the LDAP functionality that is being called and the response, like there is with OAuth and the ISCLOG? The Audit Log is returning a failure (Unexpected - /api/atelier login failure | InterSystems Developer Community) for this particular user, and I want to get proof that it might be something with the LDAP and not IRIS.

Thanks

Scott

0 6
0 465

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 8
0 1.5K

Trying to setup my first OAuth 2 client to authenticate against Epic's Interconnect instance that is hosting FHIR/Web Service API's. Epic's documentation says the JWT request has to be sent as a POST request..

Does

GetAuthorizationCodeEndpoint

and

GetImplicitEndpoint

automatically put the request into a POST request, or do I need to format a %Net.HttpRequest to POST?

Thanks

Scott

1 4
0 355
Discussion
· Nov 28, 2023
Monitoring Platforms

With System Alerting and Monitoring (SAM) being deprecated in the near future..

  • What is everyone's go-to for Monitoring IRIS?
  • What is readily available?
  • What is the cost surrounding it?

Just trying to get ideas floating around of what we might need to start looking at to satisfy IT leadership.

Thanks

Scott

1 10
0 496
Question
· Nov 17, 2023
Testing OAuth2

I am attempting to setup my first OAuth2 client, as we are adventuring into the realm of making FHIR API calls to our EMR from HealthShare Health Connect.

I have gone through and set up the Issuer Endpoint, and Client Configuration but now I want to test it and verify that the setup is correct. When I setup the Client Configuration, it would not allow me to use Discovery as it was saying I needed a "Client secret" but was not given one. So I set it up manually, thinking I hit all the information correctly.

2 2
0 386

We are moving away from Delegated Authentication in which I stored a username and password for our LDAP in a GLOBAL to be called by ZAUTHENTICATE.

Is there a way to pull in that GLOBAL into the LDAP Configuration within the Managment Portal instead of having to manually enter it? There seems to be an issue with Copy/Paste that the password isn't being set correctly when I use Copy/Paste.

Else I just export/import the LDAP Configuration from 1 server to another and manually update the Certificate to point to the correct file.

Thanks

Scott

0 0
0 159

This is probably not the right place, but I don't know who I can reach out to... I am trying to configure an Apache/Web Gateway to our instance of IRIS so we are no longer using the built-in PWS. Can anyone point me in the right direction to configure Apache/Web Gateway to repoint

http://<server name>:52773/... to the https://<server name>/...

gateway so our users will not notice? How do I do this in Apache, do I need to modify httpd.conf or the ssl.conf file? What is the correct syntax...

0 7
0 544

I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens.

I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested

0 2
0 566

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

0 3
0 251