Yes, I was correct. It is expecting the baseUrl.
 

Method ValidateAudience() As %Boolean [ Private ]
{
    Set JWTAudience = ..%TokenObject.aud
   
    If JWTAudience'="" {
        Set matched = 0
        Set currentAud = $$formatAud(..%BaseURL)
        If '$IsObject(JWTAudience) {
            // Compare single audience from JWT.
            If $$formatAud(JWTAudience)=currentAud {
                Set matched = 1
            }
        } Else {
            // Compare multiple audience from JWT. In this case it is a %DynamicArray.
            For i = 0:1:JWTAudience.%Size()-1 {
                If $$formatAud(JWTAudience.%Get(i))=currentAud {
                    Set matched = 1
                    Quit
                }
            }
        }

I have identified my issue, and implemented a workaround, at least for my proof of concept. What I found in the FHIR logs is that the audience (aud) is not matching from the FHIR OAuth class. It appears the OAuthClass is blocking based on the audience, as Entra is sending the clientID and the FHIR OAuth class is expecting something different (my guess is endpoint?). For now, I have implemented a custom interactionStrategy and a custom OAuth2Token handler class to replace the standard one so this audience block does not happen. I am pending Support on this issue otherwise.

^FSLOG(24110)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^170903|Msg|ValidateJWT() token aud=<Entra Client ID> |04/29/2026 12:27:34.436871PM"

^FSLOG(24111)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^170903|Msg|Token aud failed validation|04/29/2026 12:27:34.436896PM"
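
For triaging the rejection shown in these log entries, here is an added example (not part of the original post and not InterSystems code) that pairs each "Token aud failed validation" entry with the aud value logged just before it by the same process. The sample lines are constructed in the quoted ^FSLOG layout with placeholder aud values, and treating the third ^-piece of the first field as a process identifier is an assumption.

```python
import re

# Constructed sample in the ^FSLOG layout quoted above; aud values are placeholders.
SAMPLE = '''\
^FSLOG(101)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^4242|Msg|ValidateJWT() token aud=<client-id-placeholder> |04/29/2026 12:27:34.436871PM"
^FSLOG(102)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^4242|Msg|Token aud failed validation|04/29/2026 12:27:34.436896PM"
^FSLOG(103)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^5151|Msg|ValidateJWT() token aud=https://fhir.example/fhir/r4 |04/29/2026 12:28:01.000100PM"
^FSLOG(104)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^4242|Msg|ValidateJWT() token aud=<client-id-placeholder> |04/29/2026 12:29:10.500000PM"
^FSLOG(105)="ValidateToken^HS.FHIRServer.Util.OAuth2Token^4242|Msg|Token aud failed validation|04/29/2026 12:29:10.500020PM"
'''

ENTRY = re.compile(r'^\^FSLOG\((\d+)\)="(.*)"$')


def parse(line):
    """Split one ^FSLOG line into its pipe-delimited fields, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    parts = m.group(2).split("|")
    if len(parts) < 4:
        return None
    return {
        "seq": int(m.group(1)),
        # Assumption: the last ^-piece of the source field identifies the process.
        "job": parts[0].rsplit("^", 1)[-1],
        "kind": parts[1],
        "message": "|".join(parts[2:-1]),  # tolerate '|' inside the message
        "time": parts[-1],
    }


def rejected_audiences(text):
    """Return (timestamp, aud) for every audience rejection found in the log text."""
    last_aud = {}  # job -> aud from that job's most recent ValidateJWT() line
    rejected = []
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        msg = entry["message"]
        if "token aud=" in msg:
            last_aud[entry["job"]] = msg.split("token aud=", 1)[1].strip()
        elif msg == "Token aud failed validation":
            rejected.append((entry["time"], last_aud.pop(entry["job"], "<unknown>")))
    return rejected


if __name__ == "__main__":
    for when, aud in rejected_audiences(SAMPLE):
        print(f"{when}  rejected aud={aud}")
```
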

Update: I enabled OAuth globally and now I can get a user, create a user and assign scopes. But I still get 401.

Shane M Elliott · Oct 21, 2022

After some more reading, I believe what I am attempting to do is beyond the scope of the standard iris docker images. I have a different plan to achieve what I need; pls disregard this question. Thx.

Shane M Elliott · Oct 20, 2022

Interesting, there is an irisuser defined on install. If I su to irisuser I get the same error.

Shane M Elliott · Oct 20, 2022

I have a couple of instances of VA VistA for development that I support for multiple development teams in VA. The ssh function is to allow users to log into the VistA "interactive menus" interface. I allow ssh as a non-root user and as part of the .bash_profile I run iris session iris -U db '^ZU'. This launches the VistA access/verify code login. This has worked with my cache version of a docker image before I upgraded to iris, another version of docker iris (2020), but for some reason this version (2020) is installing differently (same dockerfile and docker-compose). I am afraid to try and re-build the other container for fear this will start happening on that one as well.

Shane M Elliott · Oct 17, 2022

Thanks, I have this as the last line:
USER ${ISC_PACKAGE_MGRUSER}
That is the same, correct? I will try irisowner.

Shane M Elliott · Mar 30, 2022

I found a way to do it. You just mount /etc/localtime to the correct file on the host.

Shane M Elliott · May 9, 2021

docker run with the above image works, but I cannot build with the referenced docker file. I only have access to a cache 2017.1 install. Could that be the issue? I will see if I can get 2017.2.

Shane M Elliott · May 9, 2021

I followed the directions above and was able to get cache 2017 running in docker. However, the management portal is not responding.
http://localhost:9092/csp/sys/UtilHome.csp - Just spins, but
http://localhost:9092/csp/bin/Systems/Module.cxw - Works and
http://localhost:9092/csp/sys/gateway_status.cxw = SUCCESS.
Any suggestions?


docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                                   NAMES
fa57f1ae6086   cacheimage  "/ccontainermain -cc…"   9 minutes ago   Up 9 minutes   23/tcp, 4001/tcp, 18001/tcp, 19201/tcp, 0.0.0.0:2222->22/tcp, :::2222->22/tcp, 0.0.0.0:9091->1972/tcp, :::9091->1972/tcp, 0.0.0.0:9092->57772/tcp, :::9092->57772/tcp   cache

docker run --name=cache --publish 9091:1972 --publish 9092:57772 -p 2222:22 -v /Users/user/dat:/opt/cache/dat cacheimage