Try OpenEdge Now
skip to main content
Identity Management
Configuring and Implementing Authentication in OpenEdge : Defining and configuring security domains

Defining and configuring security domains

You typically configure OpenEdge-supported domains in an OpenEdge RDBMS using database administration tools, including the:
*The Database Administration Console in OpenEdge Management and OpenEdge Explorer
*Data Administration utility in the OpenEdge program group on Windows
*Admin menu of the character-mode Data Dictionary
OpenEdge also provides support for configuring domains in SQL and in ABL using an OpenEdge-installed ABL API. Each of these approaches to configuring OpenEdge domains supports different capabilities, which vary in usefulness and the level of security.
In general, an OpenEdge domain is identified by a name that is unique across the application for all domains. All domains are configured with the following settings:
*A system type (authentication system) — The type of authentication system that the domain relies on for authenticating the security token for all users in that domain. OpenEdge supports several built-in authentication system types and allows you to define new ones, including ones that allow you to define your own authentication system. Each type of authentication system supports a particular set of user accounts and specific operations to validate and set a given user identity.
*An access code — A secret value used by OpenEdge or your ABL application both to cryptographically seal a security token during user authentication and to validate a user's sealed security token, for example, to assert their identity in a single sign-on (SSO) operation. If specified, this is typically a long character string value known only to the domain configuration.
Note: This is not a user account password and should not be used as such.
*An enablement indicator — Specifies if the domain is enabled for use at run time (the default). This allows you, for example, to configure domains for deployment while not making them available to an OpenEdge application until its deployment is complete.
*System options — Allows you to specify options that can be passed to authentication systems for interpretation by configured ABL authentication callbacks.
*A tenant name — For a multi-tenant database, identifies the tenant to which the domain belongs, and through which all users in the domain access the database. For a non-multi-tenant database, this setting does not exist.
*Additional settings — To support auditing and other options that currently have limited or no affect on user validation.
The following sections describe the requirements and essential features of domain configuration.
* Requirements to configure a domain
* Defining the name of a domain
* Defining and specifying the system type
* Entering a domain access code
* Enabling and disabling domains
* Entering system options
* Identifying the tenant to which a domain belongs
* Pre-configured and reserved OpenEdge domains
* Configuring authentication-enabled domains