Process for a successful SSO to an OpenEdge database connection
If the SSO operation is successful for an OpenEdge database connection, it:
1. Makes a deep copy of the user credentials from the security token into the database connection context.
2. Sets the connection identity to the user identity represented by the security token.
3. If this is a multi-tenant database connection:
a. If the security token already stores the name of the database (from a previous connection), the corresponding tenant name and database tenant ID are assigned to the connection to authorize the user's tenancy.
b. If the security token does not already store the name of the database, the tenant name and database tenant ID are returned from the database domain configuration and the security token is resealed with the updated user credentials; then the tenant name and database tenant ID are assigned to the connection to authorize the user's tenancy.
4. Audits the change in database connection identity.
5. For an ABL database connection, rebuilds the table and field permissions for the new user identity to use in any subsequent run-time or dynamic buffer access.
Note: For more information on ABL table and field permissions, see OpenEdge authorization