Skip to main content


class %Net.Authenticator extends %Library.RegisteredObject

Implement the Simple Authentication and Security Layer (SASL) as defined by RFC 2222. This class will pick a security mechanism (e.g. CRAM-MD5) from a list defined by the user of this class based on server options. The selected security mechanism will use its challenge-response mechanism to authenticate this client with the selected server. Currently no negotiation or support for a security layer is implemented.
  #include %occOptions
  #include %occStatus

Property Inventory

Method Inventory


property AccessToken as %String;
An access token for use with OAuth. If an access token is supplied it is assumed that OAuth will be used instead of basic auth.
Property methods: AccessTokenDisplayToLogical(), AccessTokenGet(), AccessTokenIsValid(), AccessTokenLogicalToDisplay(), AccessTokenLogicalToOdbc(), AccessTokenNormalize(), AccessTokenSet()
property Mechanism as %Net.SASL.Base;
The SASL mechanism selected for this authentication sequence.
Property methods: MechanismGet(), MechanismGetSwizzled(), MechanismIsValid(), MechanismNewObject(), MechanismSet()
property MechanismList as %String [ InitialExpression = "CRAM-MD5,XOAUTH2,LOGIN,PLAIN" ];
An ordered, comma separated list of security mechanism names to be used for SASL authentication. Security mechanisms that are added to this list must inherit from %Net.SASL.Base. The default class name for these mechanisms is %Net.SASL.<mechanism name> where <mechanism name> is the name of a SASL mechanism with all characters except alphanumerics removed. The class name may be supplied explicitely in the format "<mechanism name>:<class name>". InterSystems IRIS-supplied mechanisms are in the package %Net.SASL.
Property methods: MechanismListDisplayToLogical(), MechanismListGet(), MechanismListIsValid(), MechanismListLogicalToDisplay(), MechanismListLogicalToOdbc(), MechanismListNormalize(), MechanismListSet()
property Password as %String;
The password for the user name being authenticated.
Property methods: PasswordDisplayToLogical(), PasswordGet(), PasswordIsValid(), PasswordLogicalToDisplay(), PasswordLogicalToOdbc(), PasswordNormalize(), PasswordSet()
property ServiceName as %String;
The service name for the service being authenticated. For example, SMTP authentication uses the service name "smtp".
Property methods: ServiceNameDisplayToLogical(), ServiceNameGet(), ServiceNameIsValid(), ServiceNameLogicalToDisplay(), ServiceNameLogicalToOdbc(), ServiceNameNormalize(), ServiceNameSet()
property UserName as %Library.Username;
The user name being authenticated. No authentication will be attempted unless UserName and Password are supplied.
Property methods: UserNameDisplayToLogical(), UserNameGet(), UserNameIsValid(), UserNameLogicalToDisplay(), UserNameLogicalToOdbc(), UserNameNormalize(), UserNameSet()


Return next response based on challenge using the selected mechanism.
method Start(authlist As %String, ByRef mechanismName As %String, ByRef response As %String) as %Boolean
Find matching SASL mechanism from blank separated authlist and return mechanism name and optional initial response for this mechanism.

Inherited Members

Inherited Methods

FeedbackOpens in a new tab