When OpenEdge authenticates a user identity or validates an authenticated identity through SSO, it first retrieves the OpenEdge domain configuration identified by user credentials or a client-principal to obtain the following information:
User authentication — The authentication system to authenticate a user's credentials and (if successful) the domain access code to seal the client-principal object representing the authenticated identity to be assigned to database connection or ABL session.
SSO — The domain access code to validate that it is identical to the access code used to seal a given client-principal in order to assign the identity the object represents to a database connection or ABL session.
To retrieve the domain in either case, OpenEdge searches a trusted domain registry for a domain entry that matches the user's domain.
User authentication — The authentication system to authenticate a user's credentials and (if successful) the domain access code to seal the client-principal object representing the authenticated identity to be assigned to database connection or ABL session.
