Preface
Purpose
Audience
Organization
Using ABL documentation
References to ABL compiler and run-time features
References to ABL data types
Typographical conventions
OpenEdge messages
Obtaining more information about OpenEdge messages
Examples of syntax descriptions
Long syntax descriptions split across lines
Complex syntax descriptions with both required and optional elements
What is Identity Management?
What is Identity?
How OpenEdge supports user account systems
Authentication and user account systems
User accounts for OpenEdge-performed authentication
User credentials authenticated by OpenEdge
User accounts for ABL application-performed authentication
User credentials authenticated by OpenEdge
Specifying a user ID for OpenEdge authentication
Common authentication mechanism for database clients
OpenEdge identity types and their applications
Authenticated user identity
Default user identity (for backward compatibility)
ABL default identity constraints
SQL default identity constraints
Database utility default identity constraints
Authentication mechanisms for other OpenEdge components
User identity and multi-tenancy
How is OpenEdge Identity Managed?
OpenEdge authentication
Authentication operations
OpenEdge security systems and authentication
Authentication operations supported for OpenEdge security systems
User authentication process
Process for a user authentication operation
Single sign-on (SSO) process
Process for an SSO operation
Process for a successful SSO to an ABL session
Process for a successful SSO to an OpenEdge database connection
OpenEdge authorization
Tenant authorization
Tenancy data models
Managing tenancy access across multiple ABL sessions
Role-based authorization
Configuring and Implementing Authentication in OpenEdge
Defining and configuring security domains
Requirements to configure a domain
Defining the name of a domain
Defining and specifying the system type
OpenEdge support for user authentication and SSO
Specifying the system type
Entering a domain access code
Enabling and disabling domains
Entering system options
Identifying the tenant to which a domain belongs
Pre-configured and reserved OpenEdge domains
Configuring authentication-enabled domains
Configuring authentication
Run-time domain configuration
Entering user credentials in OpenEdge
Authentication in ABL applications
Initializing a client-principal object for user authentication
Exporting and importing a client-principal object
OpenEdge-performed authentication and SSO
Application-performed user authentication
Managing identity for multi-tenancy
Configuring and Implementing Authorization in OpenEdge
OpenEdge authorization models
Non-multi-tenant vs. multi-tenant authorization
Tenant data access
When a user's domain is available for access control
User ID patterns as ACLs and ABL permissions checking
Patterns affecting ABL permissions
Access control
Access control list (ACL)
Access controls
Access token
Authentication
Authentication system
Authn
Authorization
Authorization system
Authz
Cipher
Clear text
Data integrity
Data-integrity seal
Data privacy
Decrypt
Digest
Digital signature
Disallow Blank UserId Connections
Domain
Domain registry
Encrypt
Encrypted data
Encrypted private data
Encryption
Encryption algorithm
Encryption key
IV
HMAC
Identity
Login
Login credentials
Login session
Logout
MD5
Message digest
Obfuscation
OpenEdge domain
OpenEdge security domain
OpenEdge security token
PAM
Plug-in Authentication Module
Registry
Seal
Security domain
Security system
Security token
SHA-1
Signature
Single sign-on (SSO)
Trust relationship
Trust Application Domain Registry
User account
User account system
User authentication
User authorization
User credentials
User identity
User login
User login session