The domain access code supports two related functions:
1. Sealing a security token — It is used to cryptographically seal the user's credentials in a security token after they are successfully authenticated for a given user identity in this domain. Sealing a security token identifies the user, puts in read-only mode, and establishes the trusted origin.
2. Validating a security token — In an SSO operation, OpenEdge matches the access code used to seal the security token to the access code defined for the domain configuration. If they match, the SSO is successful, and the user identity represented by the security token is authorized to access OpenEdge resources in that domain.
Therefore, it is important to choose an access code for the domain that is unique to both the domain and the OpenEdge installation so the security token cannot inadvertently be used for SSO operations in another installation.
