
User credentials authenticated by OpenEdge

The user credentials required for an OpenEdge authentication include:
* User name — A character string of varying length that specifies the user's account name (which can be blank) and whose exact format depends on the authentication system that stores and secures the user's account information. However, in OpenEdge, the user name cannot contain the '@' character, because this character delimits the name of a security domain in a user ID (see the following bullet and Specifying a user ID for OpenEdge authentication). In OpenEdge, a user is always a member of an OpenEdge security domain, with backward-compatible support for previous OpenEdge releases that do not explicitly define security domains.
* Domain name — A case-insensitive character string of varying length between zero (0) and 64 characters that specifies the name of an OpenEdge security domain of which the user is a member, with a format similar to the domain of an email address. In general, a security domain (or, simply, domain) includes an application, or collection of applications, whose security systems are configured to create and trust a common security token for authentication and authorization. In OpenEdge, a security domain is defined in an OpenEdge RDBMS and is configured with:
  * A name (which can be blank, the default)
  * A single authentication system used to authenticate the identity of all users who are members of the domain
  * A secret access code used to cryptographically seal the security token after a successful user authentication, and also used to later validate the user identity represented by the sealed security token
  * An indication that the domain is enabled for use at run time

  In a multi-tenant database environment, the domain also identifies the tenancy of all users whose identity is authenticated in the domain. For more information on user identity and multi-tenancy, see User identity and multi-tenancy. For more information on OpenEdge security domains and their configuration, see Defining and configuring security domains.
* Secret Passphrase — Also known as a user account password, a character string of varying length whose contents are known only to the owner of the user account and the user account system. This value must match the corresponding passphrase stored by the user account system together with the user account information. The user account system might be configured to require certain characters in the value, for example, at least one upper-case letter, one numeral, and one special character from a given set.

  Note: OpenEdge never retains or stores this value for any purpose. After OpenEdge passes a user's secret passphrase to a user account system for verification, it destroys all evidence of its value within OpenEdge itself.

After a successful OpenEdge-performed authentication, OpenEdge seals the user and domain name in a security token. If an ABL application authenticates the identity, regardless of the form of user credentials that it verifies, the result of successful authentication must also include a user and domain name that the application seals in a security token in order to manage the authenticated identity with OpenEdge identity management features.
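
The domain rules above (the '@' delimiter, case-insensitive names of up to 64 characters, an access code that seals and later validates the token, and the enabled flag) can be modeled as in the following added example, which is not OpenEdge code. HMAC-SHA256 stands in for the OpenEdge sealing mechanism, which this page does not specify; `Domain`, `parse_user_id`, `seal`, `validate` and `REGISTRY` are hypothetical names, and rejecting a second '@' is an assumption.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

MAX_DOMAIN_LEN = 64  # page: a domain name is 0 to 64 characters

@dataclass(frozen=True)
class Domain:
    access_code: bytes    # secret that seals and later validates tokens
    enabled: bool = True  # domain must be enabled for use at run time

def parse_user_id(user_id: str) -> tuple[str, str]:
    """Split 'user@domain' into (user, domain); either part may be blank."""
    user, _, domain = user_id.partition("@")
    if "@" in domain:  # assumption: a second '@' is rejected as ambiguous
        raise ValueError("more than one '@' in user ID")
    if len(domain) > MAX_DOMAIN_LEN:
        raise ValueError("domain name longer than 64 characters")
    return user, domain.casefold()  # domain names are case-insensitive

def _mac(user: str, domain: str, access_code: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for OpenEdge's sealing algorithm (assumption).
    # The length prefix keeps (user, domain) pairs from colliding.
    msg = f"{len(user)}:{user}@{domain}".encode()
    return hmac.new(access_code, msg, hashlib.sha256).hexdigest().encode()

def seal(user_id: str, registry: dict[str, Domain]) -> dict:
    """Call only after the domain's authentication system accepted the user."""
    user, domain = parse_user_id(user_id)
    dom = registry.get(domain)
    if dom is None or not dom.enabled:
        raise PermissionError("unknown or disabled domain")
    seal_hex = _mac(user, domain, dom.access_code).decode()
    return {"user": user, "domain": domain, "seal": seal_hex}

def validate(token: dict, registry: dict[str, Domain]) -> bool:
    """True only if the seal matches the access code of an enabled domain."""
    user = str(token.get("user", ""))
    domain = str(token.get("domain", "")).casefold()
    dom = registry.get(domain)
    if dom is None or not dom.enabled:
        return False
    presented = str(token.get("seal", "")).encode()
    return hmac.compare_digest(_mac(user, domain, dom.access_code), presented)

# Constructed sample registry; keys are stored case-folded.
REGISTRY = {"sales": Domain(b"constructed-code-1"),
            "old": Domain(b"constructed-code-2", enabled=False)}
```

A token sealed in one domain validates only against a registry that holds the same access code for that domain, which is what lets a collection of applications trust a common token.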