OpenEdge supports two basic types of authentication operations to authorize access to OpenEdge resources:
User authentication — Authenticates user supplied credentials in a login operation against secure user accounts that are associated with a specific security domain. If successful, this operation produces a sealed security token that represents the user's identity in that domain. It then establishes (sets) the user identity in the security system where the user's identity is authenticated so the security system can authorize access to system features and data. Depending on the OpenEdge configuration, and the security systems involved, a single user authentication can set the same identity for more than one security system in a single operation.
Also, as noted previously (see What is Identity Management?), OpenEdge supports two different mechanisms to perform user authentication, depending on how the user's security domain is configured:
OpenEdge performed — Domains configured for user authentication to the OpenEdge _User table (database _User table accounts) or to the operating system user accounts
ABL Application performed — Domains configured for authentication to any other (external) user accounts
Single sign-on (SSO) — In ABL only, validates that the user identity has successfully passed authentication and the security system is configured to accept sealed security tokens before establishing the identity. Thus, an SSO operation can take a security token that has been created and sealed in one security system, and set the same user identity for a different security system within the same domain without requiring the user to login a second time. Depending on the OpenEdge configuration, and the security systems involved, a single SSO can set the same identity for more than one security system in a single operation.