Configuring your OpenEdge database

This section describes the steps to configure an OpenEdge database to communicate with the STS.

Prior to enabling your database to use the Authentication Gateway, you must have domains defined and loaded in the database that match the domains defined in the STS. If all your domains are currently defined in your database, you can dump them from your database with dump_domains.p to import into your STS; conversely you can load domain definitions into your database with the dictionary prodict/load_d.p.

Once you have your domains in agreement between the Authentication Gateway STS server and the database, if you changed domain information in the STS, re-generate an STS Server key. See STS server key configuration.

The database must know the URL of the Authentication Gateway STS server. Load the URL of the STS into the database with the STS URL Utility, as shown:

Specify the new URL for the Authentication Gateway to insert into the database configuration using the format: https://<host>[port][/sts-application-name]

For more details on the stsurlutil, see STS URL Utility.

If you are using roles, you must enable the database and then grant users roles using the STS Connection Role utility.

To enable connection roles, use the following command:

To grant a user connection roles, use the following command:

For details on stsconnroleutil, see: STS Connection Role Utility

Once you have added domains and the STS URL to your database, you can enable it to use the Authentication Gateway. Use the following command:

For more details on the command, see PROUTILENABLEAUTHGATEWAY qualifier

You can disable the use of the Authentication Gateway at any time with PROUTIL DISABLEAUTHGATEWAY. However, once you disable use of the Authentication Gateway in your database, you must re-configure the STS URL prior to running PROUTIL ENABLEAUTHGATEWAY. The PROUTIL DISABLEAUTHGATEWAY deletes the URL from the database. For more information, see PROUTILDISABLEAUTHGATEWAY qualifier.