|
Construct
|
Behavior
|
|
SET-DB-CLIENT function
|
When using an STS-enabled database, SET-DB-CLIENT does not check the user identity against the ABL session domain registry. In this case, the identity is always checked against the database’s own domain registry configuration.
|
|
SET-USER-ID function
|
When using an STS-enabled database, the _oeusertable authentication system is not required, and accounts do not have to be in the _User table.
|
|
AUDIT-EVENT-CONTEXT attribute of the Client-principal object handle
|
The value of AUDIT-EVENT-CONTEXT is stored in the _Event-detail field in the audit record.
|
|
LOGIN-STATE attribute of the Client-principal object handle
|
This attribute has five additional values to support STS: NO-LOGIN, NO-ACCESS, REVOKED, DISABLED, and LOCKED.
|
|
SEAL( ) method of the Client-principal object handle
|
After an STS-enabled database is connected to a given session, you cannot call the SEAL( ) method on the client principal with an encoded domain access code. After an STS-enabled database connection is made, you can only call SEAL( ) with a clear text domain access code.
|
|
VALIDATE-SEAL( ) method of the Client-principal object handle
|
VALIDATE-SEAL( ) generates an audit event when the method finds the client principal to be expired for the first time. When this happens, the method generates an audit event for a logout operation.
|
|
Progress.Security.PAMStatus class
|
To support STS authentication, five new properties have been added to this class: AccessDenied, AccessRevoked, AccountDisabled, LoginDenied, and LoginLockout.
|