Security tokens in ABL
The product of all user authentication operations in ABL is a sealed security token that securely encapsulates the user's identity and establishes that identity for connection to an OpenEdge RDBMS, for access to application resources in an ABL session, or for access to an entire ABL application, including all the connected ABL sessions and databases of a multi-tier application. Thus, a single security token allows an ABL application to transport a user identity from one part of an application to another, whether for initial user authentication or to establish the user's identity for access to a possibly different database connection or ABL session.
In ABL, a security token is implemented as a client-principal object. This is a handle-based object that supports the mechanisms for authenticating a user identity, whether it is through user authentication or SSO. Depending on the context, either OpenEdge or the ABL application instantiates and seals a client-principal object for each authenticated user identity. ABL provides a number of built-in functions, statements, and handle methods that either consume or produce a client-principal object to manage a given user identity. For more information on these ABL elements, see ABL for managing user identity.
For more information on features, methods, and attributes of client-principal objects, see Client-principal objects.
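The token lifecycle described above, as an added example that is not taken from the OpenEdge documentation: one part of an application seals a client-principal object, exports it, and another part imports it and validates the seal before trusting the identity. The user name, domain name, access code and variable names are constructed placeholders, and the final `SET-DB-CLIENT` call assumes a connected database whose domain registry contains the same domain and access code.

```abl
/* Added example. User, domain and access code are constructed placeholders;
   a real application loads the access code from protected configuration. */
DEFINE VARIABLE cAccessCode AS CHARACTER NO-UNDO INITIAL "placeholder-access-code".
DEFINE VARIABLE hProducer   AS HANDLE    NO-UNDO.
DEFINE VARIABLE hConsumer   AS HANDLE    NO-UNDO.
DEFINE VARIABLE rToken      AS RAW       NO-UNDO.
DEFINE VARIABLE lOk         AS LOGICAL   NO-UNDO.

/* Producer: runs only after the application has verified the user's
   credentials. Sealing makes the token's identity fields read-only. */
CREATE CLIENT-PRINCIPAL hProducer.
hProducer:INITIALIZE("jsmith@exampledomain", GUID(GENERATE-UUID)).
lOk = hProducer:SEAL(cAccessCode).
IF NOT lOk THEN DO:
    DELETE OBJECT hProducer.
    MESSAGE "Could not seal the client-principal object.".
    RETURN.
END.

/* Transport: the sealed token is serialized to a RAW value that can be
   passed to another ABL session, for example as an AppServer parameter. */
rToken = hProducer:EXPORT-PRINCIPAL().
DELETE OBJECT hProducer.

/* Consumer: rebuild the token and check the seal before using the identity.
   A token altered in transit or sealed with a different access code fails
   validation and must be rejected. */
CREATE CLIENT-PRINCIPAL hConsumer.
hConsumer:IMPORT-PRINCIPAL(rToken).
lOk = hConsumer:VALIDATE-SEAL(cAccessCode) NO-ERROR.

IF lOk AND hConsumer:LOGIN-STATE = "LOGIN" THEN DO:
    MESSAGE "Seal valid for" hConsumer:QUALIFIED-USER-ID.
    /* Assumption: a database is connected and trusts this domain.
       Otherwise SET-DB-CLIENT returns FALSE and the identity is not set. */
    IF NUM-DBS > 0 THEN DO:
        lOk = SET-DB-CLIENT(hConsumer) NO-ERROR.
        IF NOT lOk THEN
            MESSAGE "Database rejected the identity.".
    END.
END.
ELSE
    MESSAGE "Token rejected: seal invalid or login state is"
            hConsumer:LOGIN-STATE.

DELETE OBJECT hConsumer.
```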