0
1503

Written by

Scott Roth
Sr Application Development Analyst at The Ohio State University Wexner Medical Center
Follow
Question Scott Roth · Dec 4, 2023

Unexpected - /api/atelier login failure

#Health Connect #InterSystems IRIS #InterSystems IRIS for Health #VSCode #API #Authentication #LDAP #Security #System Administration #Web Gateway

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

  • User having login failures with correct password. 

ERROR #798: LDAP login failed
ERROR #971: Invalid LDAP password, error 49, Invalid credentials:80090308: LdapErr: DSID-0C090449, comment: AcceptSecurityContext error, data 52e, v3839:ERROR_LOGON_FAILURE:Invalid password
Web Application: /api/atelier

  • UnknownUser trying to authenticate

ERROR #815: User not authorized for service %Service_WebGateway
Web Application: /api/atelier

When I started reviewing the login failure, I noticed that after he attempts to sign in and it fails that I am getting a warning about UnknownUser attempting to access %Service_WebGateway.

settings.json on vs code is configured..

"intersystems.servers": {

        "iristest": {

            "webServer": {

                "scheme": "https",

                "host": <server name>,

                "port": 443
            },

            "username": <user name>

        }

}

Are there additonal intersystems.server configuration settings I am missing that is possibly causing the UnknownUser and LDAP Authentication issues? I don't want to risk opening %Service_WebGateway and opening it to UnknownUser

Product version: IRIS 2022.1
Discussion (7)0
Log in or sign up to continue

Comments

Ian Minshall · Dec 11, 2023

Have you got the /api/atelier web app set to accept LDAP logins?

0
Scott Roth  Dec 11, 2023 to Ian Minshall

Yes... 

I have no issues with VSCode, its just the one user. The issue with the user I believe is with LDAP not InterSystems as the same error happens when trying to sign into the Management Portal, periodically. 

Does /api/atelier need to have unauthenticated turned on? Why am I seeing the 

ERROR #815: User not authorized for service %Service_WebGateway
Web Application: /api/atelier

I don't want Unauthenticated users to access the system or be able to get through the Web Gateway at all...

0
Eduard Lebedyuk  Dec 11, 2023 to Scott Roth

Any chance user has multibyte unicode characters in the password?

0
Scott Roth  Dec 11, 2023 to Eduard Lebedyuk

That I am not sure of... Why?

0
Eduard Lebedyuk  Dec 11, 2023 to Scott Roth

I would try a password with just a-z, A-Z, 0-9, !#$%^&*()[]{}. Maybe there's some issue with wide characters?

0
Ian Minshall  Dec 11, 2023 to Scott Roth

Does the user have the %Development resource?

0
Scott Roth  Dec 11, 2023 to Ian Minshall

Yes %Development resource is set as part of the Role he is assigned from the detail we get from LDAP. 

The user is not really the issue I have at the moment, I am trying to track down why UnknownUser keeps trying to access the Gateway.

0
David.Satorres6134 · Jul 9, 2024

Hello,

I know it's quite old and maybe it's solved, but I had a similar issue with the message ERROR #815: User not authorized for service %Service_WebGateway

In my case, the problem was in the resources setup (/csp/sys/sec/%25CSP.UI.Portal.Resources.zen). By giving public permission to the gateway , the system started to work:

Hope this helps!

0