In ABL, you can assert a user identity that has already been authenticated by any trusted authentication system using the following elements:

Either SET-CLIENT( ) or SET-DB-CLIENT take a sealed client-principal object and validate its user identity against a trusted domain registry, and if successful, sets the identity to an ABL session, a database connection, or an entire application with many connected ABL sessions and database connections, depending on method or function and how you call it. SSO validates a user identity that might have been authenticated at another location, but in exactly the same security domain. This user identity can be stored and passed around an application independent of the ABL session or database connection for which it was originally authenticated. For more information on managing identities for both session and database access, see OpenEdge Getting Started: Identity Management. For more information on asserting identities as a trusted user from ABL, see the sections on application security in OpenEdge Development: Programming Interfaces.