Creating Configuration Items in InterSystems IRIS
In addition to preparing the MFT account, you need to create specific configuration items on the InterSystems IRIS server. Specifically, you must:
The following subsections describe the details.
Creating a TLS Configuration
InterSystems IRIS uses TLS to connect to an MFT service, so you must create a TLS configuration to use. InterSystems recommends that you create a separate configuration to use only for MFT connections, even if it uses default settings.
For details on creating a new TLS configuration, see About Configurations.
Creating a Managed File Transfer Connection
A managed file transfer (MFT) connection is a configuration item that the production can use to connect securely to an MFT service. If you have multiple productions running on a single InterSystems IRIS server, create a separate MFT connection for each production. In each case, the MFT connection must contain the OAuth 2.0 information you received from the MFT service.
To create an MFT connection:
-
From the Management Portal, go to the Managed File Transfer Connections page (System Administration > Security > Managed File Transfer Connections).
-
Click Create Connection to bring up the configuration page.
-
Specify values for the fields as follows, and then click Save:
-
Connection Name — Name for this connection for use within the production.
-
File management service — MFT service used for this connection.
-
SSL/TLS configuration — Name of the TLS configuration to use for this connection.
-
Email address — Email address of the administrator of the MFT account.
-
Base URL — Root URL meant for use in transferring files (specific to your account).
-
OAuth 2.0 application name — Name of the custom application created within the MFT service.
-
OAuth 2.0 client ID — The application identifier as provided by the MFT service. Each MFT service uses a different name for this item:
-
OAuth 2.0 client secret — The password that the MFT service provided. Each MFT service uses a different name for this item:
-
OAuth 2.0 redirect URL — URL used by the MFT service to connect to InterSystems IRIS. Enter the following values to automatically generate this URL:
-
Use TLS/SSL — Whether to use TLS to connect to the MFT service. In general, you should select this option.
-
Host name — The fully qualified domain name (FQDN) or IP address of the InterSystems IRIS server. See <baseURL>.
-
Port — The web server port specified in the Web Gateway configuration, if any.
-
Prefix — Typically blank. Specify this if needed to accommodate any changes in the Web Gateway configuration.
-
Verify that the generated redirect URL has the following form:
https://hostname:port/prefix/csp/sys/oauth2/OAuth2.Response.cls
Or (less common):
https://hostname/prefix/csp/sys/oauth2/OAuth2.Response.cls
If you omit Prefix, there is only one slash before csp.
This URL must match the one you supplied to the MFT service when creating the custom application for the production.
-
If the generated URL does not match what you had provided to the MFT service, then log in to the MFT service and edit the app definition to use the generated URL.
Authorizing an MFT Connection
The next step is to authorize the newly created MFT connection. To do so, obtain and save an access token from the Managed File Transfer Connections page (System Administration > Security > Managed File Transfer Connections), as follows:
-
Click the Get Access Token link for the connection you want to authorize.
When you do so, the Management Portal displays the login page for the MFT service.
-
Log in with the credentials for the administrative account.
Once the MFT service has authenticated the credentials, you see a page that displays the authorization request from the MFT service, listing the types of access that are to be granted to the production.
-
Click Grant Access to authorize the access. This redisplays the Connections list, and the MFT connection is now listed as Authorized.
