There are two thoughts I have on this example:

  • The use of %All is a very bad idea.  This gives the maximum permissions to the connection.  Having just attended a seminar on penetration testing it is frightening how small gaps in security can be exploited to compromise a system.  Better to identify the specific resources  and roles needed for this action to complete and give only those.
  • Authentication is only taking place after the connection has "breached the castle walls".   The code is already running inside you environment and with %All privileges

Your utility methods are fine.  However I would implement them using Delegated Authentication.  This feature of IRIS allows you to provide your own code to do authentication.  The difference is that it executes as part of the normal authentication process.  The connection has not yet gained access to the environment and will not gain access if authentication is not passed.  Any failure or attempted breach of the code causes an "Access Denied" message to be returned and the connection terminated.  It is also possible to use this in combination with other authentication methods so this only needs to be used on REST services where it is needed.  This would also remove the need to add any special permissions like %All to the Web Application definition.  Here is the documentation for this.

Delegated Authentication

Whether or not using the Adapter over an instantiation of the %Net.HttpRequest is a matter of your needs really.  The adapter seeks to make things "simpler" in some way.  However if you need greater control over the process and response using the HttpRequest directly is also a reasonable direction.  I have done both depending on my needs.

Glad it is working for you in an manner that is maintainable.  That is what is important.

First I have had success just leaving the GetCredentials out, but you are correct in that the documentation says you should have this.  Change your GetCredentials code to be just

return $$$GetCredentialsFailed

This will cause the process to revert to normal username and password prompting.   You only need to implement GetCredentials code if you are pulling the username and password from somewhere else such as taking the authentication header out of a REST call.

Link to the docs   https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls?KEY=GAUTHN_delegated#GAUTHN_delegated_zauthgetcreds

Sorry if I am a bit late to the discussion.  Let me address your issues in order

  • This is not necessarily a problem, but I noticed that the method SendPostRequest is executed again from start to finish for each reply, reinitializing all variables as if it were the first execution, except for the RetryCount variable, which indicates the current resend count.
    • This is expected behavior.  Messages are handled as a specific unit of work (atomic).  When a message errors and is going to retry it is basically put back on the queue to process.  When the retry occurs it is treated as a new message with the exception, as you noted, of the retry count. 
  • Setting Retry = 0 prevents message resending, even with active Reply Code Actions (e.g., E=R).
    • Also expected.  With this configuration the reply action code may be set to retry , but this setting is indicating that no (0) retries are to be attempted.
  • The timeouts are not respected. Instead, the message is resent every 30 seconds instead of 18 (I also tried other Response Timeout values like 20 or 35 seconds, but nothing changes). The Retry Interval is not respected either; the resending is attempted a number of times equal to FailureTimeout/30 instead of FailureTimeout/RetryInterval, as written in the documentation.
    • This seems to be the main issue.  The ResponseTimeout is a property of the Adapter. The default value of this setting is 30 which is what you are seeing.  It appears that you have a custom Business Operation here that is using the EnsLib.HTTP.OutboundAdapter and that you assign this adapter in code rather than using the ADAPTER parameter.  When you initialize this you should assign the reference to the Adapter property of the Business Operation.  Then when you want to set the response timeout in code you would update the property of the Adapter. I would highly recommend using the ADAPTER parameter unless you need to dynamically change the adapter at runtime.  If done in code at runtime you need to be sure that everything is initialized properly
  • After the Failure Timeout expires, an error is generated even if one or more responses have been received. Despite the responses arriving, the BO does not detect them and generates the error: "ERROR 5922: Timed out waiting for response". The message continues to be resent until the Failure Timeout expires, and finally the "ERROR <Ens>ErrFailureTimeout: FailureTimeout of 90 seconds exceeded in lombardia.OMR.BO.Sender; status from last attempt was OK".
    • What is being reported here is the last known status of the operation.  In this case that is the error indicated.   There is a difference between a reply and a response.  The Visual trace is indicating that the operation receive a  reply.  This reply was an error.   The 'Response' is what is received from the Web Server.  This never arrived hence the error.  Business Operations will always receive a reply of some kind.  This reply may indicate an error as in this case or success

If you continue to have issues I would encourage you to reach out to the Worldwide Response Center (WRC) for support.  Additionally you could contact your assigned Sales Engineer.

Regards,

Rich Taylot

Julio,

Well, the short answer is that you don't.  Solutions like Health Connect/IRIS for Health/Ensemble work autonomously.  There is no one sitting there to respond to the MFA Request.

The way that this is normally handled is by requesting from the MFA provider something referred to by several names.   For example in GitLab you go to your profile and request an "Access Token".  In Gmail you would go to security and get an "App Password".

The SFTP server administrator would likely have to provide this to you.

Usually these are setup specific for your application even specific to the operation if you want.  What this provides is a token that you would use as the password on the authentication.

Hope this helps.

Regards,

Rich Taylor

Thomas,

That does present a problem.  At this time I don't believe we have a function for function replacement for that %ZEN.Auxilliary class.  There are issues with how that object to JSON mapping was done that could result in exceedingly large blocks of JSON.  I would encourage you to raise this issue with your Sales Engineer who would be in a good position to present a feature request in the proper context to Product Development.

In the meantime, I can suggest a couple of ways to deal with this.   

  1. Create a wrapper class for these message.  This wrapper would inherit from the SOAP message class and %JSON.Adaptor.  Now you should be able to use the methods to convert to JSON.  The downside of this is that you may need to create a number of these wrapper classes if the SOAP api is extensive.
  2. The "natural" form of SOAP is XML.  You could create or look for an XML to JSON conversion utility.  This could be done utilizing our Embedded Python capability.  There are techniques and Python libraries that could do this conversion.  One such technique can be found here:  https://www.geeksforgeeks.org/python-xml-to-json/.

To use Python Libraries in ObjectScript you import the Python libraries and then just call the methods.  Here is a small example of using the Python standard 'os' library.

set pyPaths = $System.Python.Import("os.path")
pyPaths.normpath(pyPaths.join(fullPath,"Source"))

If you wish to try option 2 here is a documentation link to help you get started.

Introduction to Embedded Python

This error is coming out of IRIS rather than the OS.  To determine what is happening would require knowing the authentication method you are using and the IRIS user you are attempting to log in as.  At first glance I would believe that your organization is in the process of tightening security.  If this worked before and does not work now then the IRIS permissions that control access to Terminal have been removed from your user.   I would discuss this with your system administrators to determine what has changed and have access restored if that is in keeping with policy.

Due to this involving aspects of your security, if you need further assistance I would encourage you to contact InterSystems support rather than share details here.  The contact numbers are:

+1-617-621-0700 (US)

+44 (0) 844 854 2917 (UK)

0800615658 (NZ Toll Free)

1800 628 181 (Aus Toll Free)

You could also use a regular expression with the %Regex.Matcher class

set regex = ##Class(%Regex.Matcher).%New("(/w)*")

The "/w" refers to any word character include alphabetic, numeric, and connecting characters).  This is wrapped in a grouping expression '()' and finally the * say match 0 or more occurences.  

You can then examine the GroupCount and Group multidimensional properties to see the results.

As someone else indicated applications will normally have a configuration page for the driver.  

In dBeaver for example when you setup a connection there is a "Driver Settings" button 

Clicking on this will allow you to configure a JDBC driver for connecting.  To start you would go to the libraries tab and point at the InterSystems JDBC jar file as shown below.  Your path would look something like c:/InterSystemsJDBC/intersystems-jdc-3.2.0.jar (your folder may be different).

Finally on the Settings tab you would indicate the class name and other connection settings

If you are trying to connect programaticaly you can use whatever library you wish and provide the same type information.  Here is an example in Python using the JayDeBe API library.

    IRIS_JARFILE = "c:\JDBCdrivers\intersystems-jdbc-3.2.0.jar"
    IRIS_DRIVER = "com.intersystems.jdbc.IRISDriver"

    JDBC_JARFILES = [IRIS_JARFILE]
    # Database settings - this should be in a config file somewhere
    # credentials.MyCreds = ["username","password"]
    dbConn = jaydebeapi.connect(IRIS_DRIVER, 
      jdbc:IRIS://10.17.10.84:1972/B360",
      credentials.MyCreds, JDBC_JARFILES)

You can also use the iris.system object in python. 

iris.system.Version.GetVersion() returns the full version ($ZV)

IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.2 (Build 356U) Thu Oct 6 2022 22:56:28 EDT

There are other methods here to call to such as GetMajor() which would return '2022' and GetPlatform() which returns 'Ubuntu Server LTS for x86-64 Containers'

do dir(iris.system.Version) at the python shell to see them all.

Careful with the 'objectscript.export' folder setting.  This needs to match where, under the root of your VScode project, your source lives.  For example my settings are:

        "folder": "iris/image/iris_src/dev",
        "addCategory": true,

So under my VScode project folder I have the path indicated in Folder.  This is how my git repository is setup.  Now my 'addCategory' is also true.  Therefore under that /dev folder I have sub-folders for 'cls' and 'rtn'.  All my classes should be under the 'cls' folder and any routines are under 'rtn'.  There are other sub folder too for other elements, but you should get the idea.

To add to the puzzle there is also the setting "objectscript.export.atelier".  With this setting true the plug in expects each package and sub-package to be a separate directory.  So if I have a class Example.code.test what you will end up with is a path, given my setup above, under vs code that looks like this.

iris/image/iris_src/dev/cls/Example/code/test.cls

If the file whose definition you are trying to get to is not in the right place it will open it in read-only mode from the server when using Client-side editing

Prudhvi,

The simplest answer is no.   ZEN, which has been a deprecated technology for some time, is a complete framework deeply integrated to Cache.  It relies heavily on synchronous communications which has been deprecated by, thought still available, by most browsers.  For both reasons new development should not be done using ZEN.

Angular, on the other hand, is a modern framework for Web Application development.  It is inherently asynchronous and therefore disconnected from the back-end.  As Eduard stated the typical communication methodology is for the back-end to provide a RESTful interface which are quite easy to develop and publish both direct from IRIS or via the InterSystems API Manager.

I am going to make the assumption that this is part of an existing application that you are looking do new development on.  As stated ZEN is deprecated therefore it would be a good idea to develop a roadmap to migrate from ZEN to something like Angular.  I would take this new project and use it to explore the move to Angular.

You should also note that at some unknown point in time browsers could remove support for synchronous communications.  The latter will likely not happen for quite some time as many older applications still rely on it.  Several years back one browser, Firefox I think, tried to remove this support and had to quickly backtrack as too many applications stopped working.  So you have time.

Aaron,

In my experience you need to purchase the schema.  You can go to http://x12.org to find out more.  Depending on your usage and needs it can be a bit pricey for licensing especially if you only need one schema.  If you have a partner that has access you could piggyback on there license assuming you have a working relationship with them.  Unfortunately I did not see any option to purchase just a single schema, though there was something like that in the past as I have a colleague that did so.  You can try to contact the org to inquire.