An SSO operation generally follows these steps to validate and set the user identity using a sealed security token:
1. Retrieves the domain name from the security token and verifies that the domain exists in the domain registry of the ABL session or connected database, and is in an enabled state.
2. If there is a login expiration time stamp set for the security token, verifies that it has not expired, and if it has expired, sets the security token to a state that indicates its login time has expired and exits from the SSO operation without further action.
3. Performs a data-integrity check of the user credentials stored in the security token.
4. Validates the access code configured for the registered domain against the security token's seal.
5. If the tests in all of the previous steps are satisfied, the SSO operation is successful and continues with one of the following procedures, depending on the context:
