Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.
Thanks
Scott
I loaded 2017.2 onto a windows desktop that I was going to use for testing. I need to now uninstall 2017.2 but when I do I get a ERROR saying it can not find the INSTANCE name, when there is HEALTHSHARE defined.
Has anyone else had this issue? I would like to uninstall this version and start over from scratch without having to re-image my machine.
Thanks
Scott
We are currently using Ensemble on AIX. We are on 2015.2.2. If I install Field Test on a windows desktop, is it possible that I can import the Cache.dat from my AIX server, so I can do some Proof of Concept development?
Thanks
Scott
Can someone tell me if intersystems-ru/deepsee-sysmon-dashboards is developed for a specific version of Ensemble? Looks like it could be useful to my group but we aren't upgrading till later this year and we are on 2015.2.2.
Thanks
Scott
Has anyone called any outside Javascript code from inside their class files? I asked a long time ago if there was a way to manipulate an image within Cache Object Script, and since Cache doesn't have any image libraries its not really possible. However I have found Javascript to resize an image and wonder how hard it would be to mesh the two together.
Can anyone share any examples?
Thanks
Scott
I am trying to explore some new possibilities outside of the normal day to day HL7 interfacing we do. I have only done 1 other Web Service interface but it was using a SOAP proxy wizard. Now I am tasked with trying to make a call to an external API
https://npiregistry.cms.hhs.gov/api/
but I am a bit confused about how to go about doing it. Since they don't have a wsdl, this means it is a REST web service correct? or is it considered an API call?
We are trying to script a High Availability Shutdown/Start script in case we need to fail over to one of our other servers we can be back up within mins. Is there a way to configure the startup procedure to Automatically Stop/Start the JDBC server when shutting down or starting up cache? is there an auto setting we can change?
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
I am working on my first REST operation concept and had a question about the Property Parameters. If I put a value in CAPTION, does that mean that when I use it in my call that it will come out in the URL?
For example...
Property enumerationType As %String(CAPTION = "enumeration_type");
Then in my operation...
Set tURL=..Adapter.URL_"?q="_pRequest.enumerationType
so when it builds the URL it looks like...
My administrator was wondering where %SYS/ZAUTHENICATE.mac is stored?
He preforms a nightly backup, and would like to include the custom ZAUTHENTICATE.mac that was written for our Delegated/LDAP configuration.
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
In looking at the Production monitor within Ensemble, I was wondering if there is a way we could customize it for our use. I notice it is basically a dashboard.
For example I would only like to truly display those Services, Processes, and Operations that are truly in dire need of attention. The Monitor out of the box just seems too busy, and I would like to simplify it.
I was trying to find a sample how a Monitor Dashboard would be setup, but I am not seeing anything in ENSDEMO, or SAMPLES. Has anyone created a Custom Dashboard/Monitor for their purposes?
I have created some roles, and would like to know if there is a way to export the Roles and save them off to a file? I want to create a backup file of these roles for DR purpose, and in case I ever get hit by the preverbal bus.
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
We have the need to write a function that can loop through say a field in an OBX segment within HL7 and compare it to a string passed. Is it possible to have the user enter the Operator ( >,<,=,<>) as a variable inside Cache object script? Does anyone have any examples they can share?
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
We have a new requirement being push down by our Data Security to no longer use Local SQL Accounts to access our Databases. So they asked me to create a Service Account that is on the Domain for our connections to each database.
I tried just changing my JDBC connection to using this Service Account and Password but I am not having any luck trying to connect to the database.
" Connection failed.
Login failed for user 'osumc\CPD.Intr.Service'.
I have a global that defines the instance that Ensemble is running under. I want to use this as part of another Global so I don't have to hard code a path.
For Example
^OSUWMCInstance = "TestClin"
^OSUMCLDAP("LDAPKey") = "/ensemble/^OSUWMCInstance/mgr/LDAPKeyStore/"
Is this possible?
Thanks
Scott
I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.
1. Get User Attibutes from AD
2. Get User Groups From AD
So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along.
I have several stored procedures that when I execute them they will only return a single snapshot. In my BP I have been setting this to a Snapshot variable then looping using a WHILE through the snapshot variable just to get that single value.
Since it is only a single row, is there an easier way where I don't have to do a WHILE loop to pull the values out of that row? Can I call First Row or something like that to get me just the row into the Snapshot variable?
Without installing Kerberos has anyone Authenticated a SQL JDBC connection? Currently we are using local SQL Accounts to sign onto External SQL Databases, but we are being told that we need to switch to Service accounts that live on a Active Directory Domain.
I wrote with a little help a ZAUTHENICATE to do the Authentication for Ensemble, can I use something like that to connect to an External SQL Database using a Service Account on a Active Directory Domain?
Thanks
Scott
I have a vendor that is sending me an Abbreviation in FT1:16.4.2 that I need to look up against a table to find the correct ID for.
FT1|1|||20180523161501|20180523161503|CG|1906551^Lipid Profile|||1||||||^^^ LAB&06CL
But in my Business Process when I refer to request.GetValueAt("FT1:16.4.2") its not recognizing that this field contains information. Is my syntax wrong?
Is it possible to produce a .json format using Ensemble 2015.2.2? Not sure what the trigger will be as of yet, but we have our local Department of Health trying to develop a reporting piece using .json.
Not sure how this will work with our Ensemble instance not being in the DMZ to send outside our network, but I thought I would ask anyway to see if it is possible.
Thanks
Scott Roth
Is there a way to make the system users like _SYSTEM and ensadm bypass the Delegated sign-on and not cause it to fill up the Audit trail with "Programmer mode login failure"?? I figured I still had to leave password login enabled for the background users to run. How would I script if username = "_SYSTEM" then don't do the Delegated sign on?
Here is my ZAUTHENTICATE
s $zt="Error"
s Status = 0
i Password="" {
s Status= $SYSTEM.Status.Error($$$InvalidUsernameOrPassword)
g Error
}
i $$$WindowsLDAPServer {
s AdminDN=$Get(^OSUMCLDAP("User"))
s AdminPW=$Get(^OSUMCLDAP("Pass"))
}
//Connect to the LDAP server
s LD=##Class(%SYS.LDAP).Init($$$LDAPServer)
i LD=0 {
s Status=##Class(%SYS.LDAP).GetLastError()
s Status="Init error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
//Authenticate the passed in user by using the Binds command
//s Domain="OSUMC.EDU"
#; Begin Binding Process"
s Status=##Class(%SYS.LDAP).SimpleBinds(LD,AdminDN,AdminPW)
i Status'=$$$LDAPSUCCESS {
s Status = Status_", ldap_Simple_Bind(AdminDN) - "_##Class(%SYS.LDAP).Err2String(Status)
#;w !,Status
g Error
}
i $$$WindowsLDAPServer {
s Filter=$$$WindowsFilter_"="_Username
}
i $$$WindowsLDAPServer {
s AttributeList=$$$WindowsAttributeList
}
i $$$WindowsLDAPServer {
s BaseDN=$$$WindowsBaseDN
}
s SearchScope=$$$LDAPSCOPESUBTREE
s Timeout=30
s SizeLimit=1
s Status=##Class(%SYS.LDAP).SearchExts(LD,BaseDN,SearchScope,Filter,AttributeList,0,"","",Timeout,"",.SearchResult)
i Status'=$$$LDAPSUCCESS {
i Status=$$$XLDAPFILTERERROR {
s Status="1,User "_Username_" does not exist"
w !,Status
} else {
s Status=Status_",ldap_Search_Ext - "_##Class(%SYS.LDAP).Err2String(Status)
}
g Error
}
s NumEntries=##Class(%SYS.LDAP).CountEntries(LD,SearchResult)
i NumEntries=-1 {
s Status=##Class(%SYS.LDAP).GetError(LD)
s Status=Status_",ldap_Count_Entries - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
i NumEntries=0 {
s Status="1,User "_Username_" does not exist"
g Error
}
i NumEntries>1 {
s Status="1,LDAP Filter is not unique"
g Error
}
s CurrentEntry=##Class(%SYS.LDAP).FirstEntry(LD,SearchResult)
i CurrentEntry=0 {
s Status=##Class(%SYS.LDAP).GetError(LD)
s Status=Status_",ldap_FirstEntry - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
s DN=##Class(%SYS.LDAP).GetDN(LD,CurrentEntry)
i Password="" {
s Status="1,ldap_Simple_Bind("_DN_") - password cannot be null"
g Error
}
s Status=##Class(%SYS.LDAP).SimpleBinds(LD,DN,Password)
i Status'=$$$LDAPSUCCESS {
s Status=Status_",ldap_Simple_Bind("_DN_") - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
s Attribute=##Class(%SYS.LDAP).FirstAttribute(LD,CurrentEntry,.Ptr)
while (Attribute'="") {
s Values=##Class(%SYS.LDAP).GetValuesLen(LD,CurrentEntry,Attribute)
#;Values:"_Values
s Properties("Attributes",Attribute)=Values
s Attribute=##Class(%SYS.LDAP).NextAttribute(LD,CurrentEntry,.Ptr)
}
s Properties("Username")=Username
s Properties("FullName")=$li(Properties("Attributes","displayName"))
k Properties("Attributes","displayName")
s Properties("Comment")=$li(Properties("Attributes","department"))
k Properties("Attributes","department")
s Properties("EmailAddress")=$li(Properties("Attributes","mail"))
k Properties("Attributes","mail")
s GroupFilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:="_DN_"))"
s GroupAttributes=""
s Status=##Class(%SYS.LDAP).SearchExts(LD,BaseDN,$$$LDAPSCOPESUBTREE,GroupFilter,GroupAttributes,0,"","",10,0,.GroupSearchResult)
#;GroupSearch Status: "_Status
i Status'=$$$LDAPSUCCESS {
w !,"SearchExts error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
s GroupNumEntries=##Class(%SYS.LDAP).CountEntries(LD,GroupSearchResult)
i GroupNumEntries=-1 {
s Status=##Class(%SYS.LDAP).GetError(LD)
s Status=##Class(%SYS.LDAP).Err2String(Status)
g Error
}
w !
i GroupNumEntries=0 {
w !,"No nested groups for "_Username_" found"
g Done
}
i GroupNumEntries>0 {
}
s GroupCurrentEntry=##Class(%SYS.LDAP).FirstEntry(LD,GroupSearchResult)
i GroupCurrentEntry=0 {
s Status=##Class(%SYS.LDAP).GetError(LD)
w !,"FirstEntry error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
s Groups=""
While (GroupCurrentEntry'=0) {
s GroupDN=##Class(%SYS.LDAP).GetDN(LD,GroupCurrentEntry)
i GroupDN="" {
s Status=##Class(%SYS.LDAP).GetError(LD)
w !,"GetDN Group error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status)
g Error
}
s CN=$p(GroupDN,",",1)
s AD=$p(CN,"=",2)
s AD=$zcvt(AD,"L")
s exists=''$d(^|"%SYS"|SYS("Security","RolesD",AD))
i exists{
s Properties("Roles") = AD
#;w !,Properties("Roles")
}
s GroupCurrentEntry=##Class(%SYS.LDAP).NextEntry(LD,GroupCurrentEntry)
}
Done
i $d(SearchResult) d ##Class(%SYS.LDAP).MsgFree(SearchResult)
i +$d(LD) d ##Class(%SYS.LDAP).UnBinds(LD)
q $SYSTEM.Status.OK()
Error s $zt=""
i $d(SearchResult) d ##Class(%SYS.LDAP).MsgFree(SearchResult)
i +$d(LD) s Status=##class(%SYS.LDAP).UnBinds(LD)
i $ze'=""{
q $SYSTEM.Status.Error($$$CacheError,$ze)
} else {
q $SYSTEM.Status.Error($$$GeneralError,"LDAP error: "_Status_" - "_##Class(%SYS.LDAP).Err2String(Status))
}We have scripted a process where we can run EnableConfigItem from the cron in AIX so we can run multiple scripts at a time vs the scheduler in Ensemble that is single threaded. For the most part this works fine, until that service/operation has an error on it then it seems that everything else that is called after that instance halts.
Is there something that is stopping EnsConfigItem() from running once something has error'd?
Can something be forced like it does if we try to enable/disable in the gui and it times out?
this is the single command line we are calling
zn "$1"
w ##class(Ens.Director).
Has anyone use any other setting then -1 on the Stay Connected setting on a SQL.OutboundAdapter? I am having issues with a particular database and wonder if it would be beneficial since I only connect once a day to read the data from the Adapter to create an HL7 message.
Thanks
Scott Roth
We have a case where a vendor can send us more information in the DICOM message rather than in the HL7 result message. In theory it should be possible to take a DICOM and convert it to HL7, stupid question is has anyone done it before? Does anyone have any good examples of a DTL they did to show me how to setup the message structures and translation?
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
I have several BPL's that act like SQL Server Integration Services (SSIS) where they are transferring data. When I do this they are all being written under 1 session id, is it possible to make the BPL create multiple session ID's as it is cycling through a Snapshot, so it is easier to read in the trace?
Thanks
Scott Roth
Is there a way to pull a user name and password from the Credentials list that is kept in Ensemble? Right now I have a LDAP user that I have hard coded into my ZAUTHENTICATE, which I would like to get away from. I am not to familiar with settings Global, or calling them at least.
Thanks
Scott
I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.
I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?
How would I compare the AD Group against the Role listing?
Thanks
Scott
I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.
Thanks
Scott Roth
Does anyone have a function they built to change a name from all lower case, or all upper case to mix case?
Thanks
Scott Roth
As I was going though and trying to figure out why our CACHE.dat has increased in size over the past 18 days, I found that EnsLib_HL7.Message is still retaining messages dating back to 2014 even though we have our purge set to 10 days. Has anyone else experienced this?
Thanks
Scott Roth
The Ohio State University Wexner Medical Center
We have noticed in the course of the last 18 days our CACHE.dat has grown by 20 GB. Is there a way we can break down the data in CACHE.dat to see what could be growing in size?
Let me state it another way.....Is there a way to see what space an Operation/Service/Process is taking up within a certain Production?
Thanks
Scott Roth
The Ohio State University Wexner Medical Center