An ABL application can implement the user authentication for a user-defined authentication system that is not configured with an ABL authentication callback. In this case, the application performs the user authentication directly against a user account system that it either implements itself or accesses externally, similar to an ABL authentication callback. However, an application-performed authentication can support a larger variety of user credentials, depending on the user account system. For example, the user credentials might consist of a biometric signature, such as a finger print, if that is what the user account system requires. However, if it is to work with other OpenEdge identity management features, the result of any successful application-performed user authentication must include the same user credentials to seal in a security token that are required for any OpenEdge-performed user authentication. For example, this allows the application-authenticated user identity to be validated and established in the ABL session or available database connection using an OpenEdge SSO operation.