All
Accepted answers
Bernd Mueller · Aug 23, 2023 go to post

I would not rely on RELOAD=1. To be on the safe side you need to restart the webserver. Some webgateway configuration changes require a restart of the hosting webserver.

Bernd Mueller · Aug 23, 2023 go to post

RELOAD=1 should work. Once the configuration is reloaded the line with RELOAD=1 will be removed automatically.
Registry functions to control Webgateway from within IRIS will work *after* the Webgateway is registered on the IRIS instance. That happens during the first/initial connection/request. It works, even if Webgateway is on a different machine/system. Please note: registry functions could be disabled in the Webgateway-Configuration. (default = enabled)

Bernd Mueller · May 16, 2020 go to post

Hi Ralf,
unfortunately you did not provide the policy.

It should look like this: (in Wizard, pick "Username Authentication over SSL/TLS" - leave everything else on the defaults!)

<cfg:configuration xmlns:cfg="http://www.intersystems.com/configuration" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:wsap="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsp="http://www.w3.org/ns/ws-policy" name="service"><cfg:service classname="[your webservice-class]"><wsp:Policy><sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy><sp:HttpsToken><wsp:Policy/></sp:HttpsToken></wsp:Policy></sp:TransportToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout><sp:IncludeTimestamp/></wsp:Policy></sp:TransportBinding><sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssUsernameToken11/></wsp:Policy></sp:UsernameToken></wsp:Policy></sp:SignedSupportingTokens><wsap:UsingAddressing/></wsp:Policy></cfg:service></cfg:configuration>

In SOAPUI, enable WS-Addressing. Below the request-message there is a small button-line starting with [Auth] ... here you also find [WS-A] where you can find a checkbox to enable it.
Add the WS-A to the request. Right click on the request-message -> "WS-A headers"-> "Add WS-A headers".
Right click on request-message you can Add "WSS UsernameToken" and "WS-Timestamp" if you do not have configured that otherwise in general.
This works for me.
Please note: SOAP-logging (with "iosv" flags) is always a good help.
HTH,
Bernd

Bernd Mueller · May 1, 2020 go to post

Currently, there is no API to request a new session cookie.

If we wished to implement this in the absence of any real security concern it would need to be scheduled by our product management and as en enhancement.

So far you have not suggested any compelling reason to do this.

Do you have an example of a valid attack against CSP?

Sorry, but I still do not see a general CSP related vulnerability problem here.

Please let us continue in WRC problem you've already opened for this same question recently.

Thanks and kind regards,
Bernd

Bernd Mueller · Apr 10, 2020 go to post

to clarify. You have 3 possibilities:
- mg-dbx is a 3rd party product/connector (similar cache<nnnn>.node, iris<nnnn>.node, see next)
- cache<nnnn>.node, iris<nnnn>.node is InterSystems "legacy" node.js adaptor/connector. I don't know how long we will support it in future.
- Native API for node.js. This is InterSystems latest node.js API, recommended for new developments.
  See here: https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=P…

Bernd Mueller · Apr 10, 2020 go to post

Hi Marco,
if you are a supported customer you should have access to WRC online and ask for it. We will deliver it on demand depending on what you need.
If you don't have an active WRC account, write an email to support@intersystems.com and our FRC can clarify and create one for you.

Bernd Mueller · Mar 27, 2020 go to post

Hi,

i would start with the xml-structure you expect and which probably/hopefully is already defined by an xml-schema.

You can import xml-schemas into IRIS to generate XML-enabled classes which extends %XML.Adaptor.

https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=G…

If you do not have a xml-schema, you need to create it or your xml-enabled classes manually. (extending %XML.Adaptor)

https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=G…

If you have that ready, let your XML-enabled classes also extend %JSON.Adaptor.

https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=G…

Use %JSON.Adaptor to import the JSON data (i think DynamicObject is also supported here directly)
into your XML enabled class with the help of %JSONImport() method.

Then use XMLExport..() method (inherited from %XML.Adaptor) to export as XML data.
I have not tried this so far but i think it should work :)

HTH,
Bernd

Bernd Mueller · Oct 16, 2019 go to post

Hi,
are you all set now? Or do you still get the same error? Please confirm.

You can add parameter debug: "debug.log" with the open() if it still does not work in order to hopefully get more information!?

Anyway, if you are local anyway you should use native connectivity mode instead tcp since it get's you better performance.
 

Bernd

Bernd Mueller · Oct 16, 2019 go to post

Hi,
you can test your Node environment within a simple windows command window (CMD.exe):

C:\>node -v
v0.10.26

C:\>node
> x=require('cache.node')
{ Cache: [Function: Cache] }
> y = new x.Cache
{}
> y.version()
'Node.js Adaptor for Cache: Version: 1.0.63 (CM)'
>

Do you have renamed cache0100.node into cache.node an copied it into location specified in environment variable NODE_PATH ? e.g. NODE_PATH=C:\Program Files\nodejs
 

If not, you need to specify path to cache.node within require(), e.g. x=require('c:/mypath/tocachenode/cache')
HTH,
Bernd

Bernd Mueller · Oct 16, 2019 go to post

Hi,
for tcp connection mode you need to specify superserver-port, not webserver port.
HTH,
Bernd

Bernd Mueller · Mar 6, 2019 go to post

ah, i see that you have contacted support in the meantime and a WRC problem is already logged for this.
If the issue is solved, please update the solution here as well.

Bernd Mueller · Mar 6, 2019 go to post

Hi,
i would start with a SOAP-LOG ("ios") to see what is sent out and what SoapAction is used from within Caché soap client.
see SOAP Logging docs here.

Use/install 3rd party tool "soapUI" (there is a free version), import WSDL and try to sent request from here. See if you can make it working and chekc http-log in soapUI to see what soapUI is exactly sending out to the service.

Some WebServices requires SOAPAction http-header to be quoted. To achieve this you need to use SOAPACTIONQUOTED param in your WebClient class, e.g.

Parameter SOAPACTIONQUOTED = 1;

HTH,
Bernd

Bernd Mueller · Mar 5, 2019 go to post

i just tried and installed from kit-file "CSPGateway-2018.1.1.643.0-win_x64.exe" and the CSPa24.dll included is 64-bit as expected.

Bernd Mueller · Mar 4, 2019 go to post

yes, internal private apache webserver (PWS), the embedded one coming with the IRIS installation is still 32-bit on windows x64.
"CSPGateway-2018.1.1.643.0-win_x64"  kit should contain 64-bit CSPGateway binarys/dlls.
You can check bitness/architecture of your apache with the command: >httpd -V
Bitness of apache and CSPGateway binarys *must* match!


There is an alternative to dumpbin in order to check bitness of CSPGateway binarys/dlls which IMHO is easier:

Open executable or dll in editor (notepad, notepad++), check the first printable characters *after* the first occurrence of "PE".

This part is most likely to be surrounded by at least some whitespace (could be a lot of it), so it can be easily done visually.

x86:

PE  L

x64:

PE  d†


HTH,
Bernd

Bernd Mueller · Jan 25, 2019 go to post

Hi Jiri,
we have done some recent changes to make this working without the need of configuring a redirection.
Please drop me a note if you are interested or contact WRC and i will investigate more details on this for you.
Kind regards,
Bernd

Bernd Mueller · Nov 9, 2018 go to post

To let *all* (and custom) CGI-Variables coming through, you probably need to set the extra environment variables in the CSP Gateway configuration.

You can set/specify via the "Extra CGI Environment Variables" Setting in the "Application Access" section in CSP Gateway Management.

If you enter a * here, *all* CGI-Variables will be sent/tranmitted and provided to Caché-Server-Side in the %request.CgiEnvs multidimensional property.

HTH,

Bernd

Bernd Mueller · Oct 20, 2018 go to post

Hi David,
you have to use IRIS() (all uppercase).

There is a typo in the documentation we will correct soon.

Regards,
Bernd

Bernd Mueller · Jun 8, 2018 go to post

just to clarify:

Caché cube unfortunately does notsupport opening web-ressources by https directly so far. (currently only http fix)
Special version of ServerManager.exe does not help to solve this issue. It's for the "old" way of doing ssl/tls client configurations, which is not recommended for recent versions of Caché anymore.

See here Katherine's great article on the new way of configuring client application for ssl/tls :

https://community.intersystems.com/post/configuring-cach%C3%A9-client-a…

A workaround to solve this issue with the Cube is to setup http to https redirection on the webserver level as already mentioned here by Eduard as well.

Regards,
Bernd

Bernd Mueller · Jun 6, 2018 go to post

Hi,
underscore in method names are *not* supported and possible, I am afraid.

Besides the SoapAction already mentioned by Eduard you can try if adjusting the SoapMessageName and SoapRequestMessage keywords
at the method level in your WebService are helping to get what you want.

Here is an example:

Method AddInteger(Arg1 As %Integer = 0, Arg2 As %Integer = 0) As %Integer [ SoapAction = Add_Integer, SoapMessageName = Add_Integer_Response, SoapRequestMessage = Add_Integer, WebMethod ]
{
  Quit Arg1 + Arg2
}

HTH,

Bernd

Bernd Mueller · May 7, 2018 go to post

Hi Steve, what you're missing? This is "Using Node.js with Caché" and includes the available API's. Connection options and parameters are described here as well.

Cheers,
Bernd

Bernd Mueller · Feb 6, 2018 go to post

if i remember correctly you do not need to create a custom tag in order to use your customer version of the lookup-class. You can use the default CSP:search tag and provide your modified custom lookup-class by the "searchpage" attribute.

<csp:Search name="FindPerson"
    searchpage="%ZCSP.PageLookup.cls?SEARCH&..."
    onselect="onFindCustomer"
    classname="Sample.Person"
    ...

Bernd Mueller · Feb 1, 2018 go to post

if we can not allocate a license for a REST call/request we report a "503 Service unavailable" error by default.

Please note: Studio, Terminal and SMP allocates a license-slot. Every unauthenticated REST request will retain a license-slot for at least 10 sec. after request is finished.

Bernd Mueller · Jan 31, 2018 go to post

open declaration for/on routines will be included/fixed in upcoming v1.2. Stay tuned.