Depending on the authentication system configuration, an asserted user identity can be validated through user authentication performed by:
OpenEdge — In a built-in operation, OpenEdge accepts the user credentials (which identify a user and authentication system) and calls out to the authentication system to validate the specified user identity through a configured user account system. Depending on the success or failure of the user validation, OpenEdge then seals a security token that represents the user identity. For a successful user validation, OpenEdge also establishes the user identity in an OpenEdge security system, which might be an ABL session and one or more OpenEdge database connections, depending on the operation and OpenEdge resources involved.
An ABL application — An ABL application accepts the user credentials and calls out to an ABL-implemented or external user account system to validate the user identity. Depending on the success or failure of the user validation, the application typically executes an OpenEdge operation to seal a security token that represents the user identity. For a successful user validation, the application also typically executes another OpenEdge operation using the sealed security token to establish the user identity in an OpenEdge security system, which might be an ABL session and one or more OpenEdge database connections, depending on the operation and OpenEdge resources involved.
The result of a successful OpenEdge user authentication is always a sealed security token, which an ABL application can use in an OpenEdge single sign-on operation to establish the same authenticated user identity in additional ABL sessions and database connections. A
single sign-on (SSO) operation validates that the authenticated user identity a sealed security token represents is acceptable to a given security system, and if successful, establishes that identity in the security system. If the ABL application performs the user authentication and seals a security token with the authenticated user identity, it can also use this security token in OpenEdge SSO operations to establish the user identity in additional ABL sessions or database connections. For more information on how OpenEdge manages user authentication and SSO operations, see
OpenEdge authentication.
The following sections describe how OpenEdge supports user accounts in authentication systems. For more information on user accounts in OpenEdge, see
OpenEdge identity types and their applications.
