Using the OpenEdge Authentication Gateway for authentication

OpenEdge Release 11.7.2 extends the functionality of the OpenEdge Authentication Gateway to be a Security Token Service (STS) for OpenEdge applications hosted on a PAS for OpenEdge instance. In prior releases, its use was limited to instances and database connections.

The Authentication Gateway is a secured HTTPS server that provides STS functionality, which includes user authentication and Client-Principal generation. The use of a common Authentication Gateway for instances, databases, and applications enhances security and reduces complexity (because, for example, each PAS for OpenEdge server instance does not need to maintain its own copy of OpenEdge Domains and Domain Access-codes).

Connections between a PAS for OpenEdge instance and an Authentication Gateway server are facilitated through the STS AuthenticationProvider, a plug-in to the Progress Application Server's Spring Security framework.

For more information about the basic architecture of the STS AuthenticationProvider and its configuration, see the following topics: