To configure a web application to use the OpenEdge Authentication Gateway, set the following properties in the PAS for OpenEdge web application's instance_name/webapps/Web_app_name/WEB-INF/oeablSecurity.properties file:
Specify the directory where the STS AuthenticationProvider looks for the Authentication Gateway's client key file. The STS AuthenticationProvider searches oeablSecurity.properties files for a specified sts.UserDetails.stsKeystore value in the following order and uses the first value it finds:
a. $CATALINA_BASE/webapps/<web-app-name>/WEB-INF/
b. $CATALINA_BASE/ablapps/<abl-app-name>/conf/
c. $CATALINA_BASE/conf/
d. $CATALINA_HOME/conf/
If the path to the client key file is not specified in any of those oeablSecurity.properties files, the value of the STSKEYSTORE environment variable of the multi-session Agent process is used. If STSKEYSTORE is not set, the default client key file in openedge_install_dir/keys is used.
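Because the first match wins, a value set at web-application level silently overrides the instance-wide one, so it is worth confirming which location is actually in effect. The following added example (not Progress code) walks the search order above and reports the effective sts.UserDetails.stsKeystore value and its source. The function names, the simple key=value parsing, and treating an empty value as unset are assumptions, and STSKEYSTORE is taken from the environment passed in, not from the running Agent process.

```python
import os
import re
import tempfile
from pathlib import Path

KEY = "sts.UserDetails.stsKeystore"
# key, then '=' or ':', then value; lines starting with '#' or '!' are comments
_PROP = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

def read_property(path, key=KEY):
    """Last non-empty value of `key` in a file, or None (assumption: empty = unset)."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None  # missing or unreadable file counts as "not specified"
    hits = [m.group(2) for m in map(_PROP.match, text.splitlines())
            if m and m.group(1) == key and m.group(2)]
    return hits[-1] if hits else None

def resolve_sts_keystore(base, home, web_app, abl_app, install_dir, env=None):
    """Walk the documented order (a-d), then STSKEYSTORE, then the default."""
    env = os.environ if env is None else env
    for directory in (Path(base, "webapps", web_app, "WEB-INF"),
                      Path(base, "ablapps", abl_app, "conf"),
                      Path(base, "conf"),
                      Path(home, "conf")):
        prop_file = directory / "oeablSecurity.properties"
        value = read_property(prop_file)
        if value is not None:
            return value, str(prop_file)
    if env.get("STSKEYSTORE"):
        return env["STSKEYSTORE"], "env:STSKEYSTORE"
    return str(Path(install_dir, "keys")), "default"

def demo():
    """Constructed layout: the web app only has the property commented out."""
    with tempfile.TemporaryDirectory() as tmp:
        base, home = Path(tmp, "base"), Path(tmp, "home")
        for d in (base / "webapps/app1/WEB-INF", base / "conf", home / "conf"):
            d.mkdir(parents=True)
        (base / "webapps/app1/WEB-INF/oeablSecurity.properties").write_text(
            "# sts.UserDetails.stsKeystore=/old/keys\n")
        (base / "conf/oeablSecurity.properties").write_text(KEY + "=/srv/sts-keys\n")
        (home / "conf/oeablSecurity.properties").write_text(KEY + "=/home/keys\n")
        value, source = resolve_sts_keystore(base, home, "app1", "ablapp1", "/dlc",
                                             env={"STSKEYSTORE": "/env/keys"})
        return value, Path(source).relative_to(tmp).as_posix()

if __name__ == "__main__":
    print(demo())
```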
Next, edit the web application's URL access control file, instance_name/webapps/Web_app_name/WEB-INF/oeablSecurity.csv. If your URL access controls are role-based (i.e., when a user must be assigned a particular role to gain access), you must change the hasRole(...) field to include one of the role names inserted into a client principal issued by the Authentication Gateway's STS.
Note: If the web application's URL access controls use hasRole(...) and the client principal issued by the Authentication Gateway's STS does not include a role attribute, access to some of the application's URLs will be rejected.
Finally, optionally specify any advanced STS AuthenticationProvider properties, which include, but are not limited to:
Customized TLS connection attributes
A customized HTTP header name that is used to pass client-key authorization to an STS
A customized HTTP User-agent header value that identifies the client to an STS
Detailed descriptions of these advanced properties can be found in the instance_name/conf/oeablSecurity.properties.README file.