Domain access codes for the OpenEdge Authentication Gateway are stored separately as a Java KeyStore. The Java KeyStore must be built using the OpenEdge gendomreg command.
To create the Java KeyStore, first add the domains and Domain Access Codes (DAC) into a CSV file (for example, domainsks.csv). The CSV file lists OE domains in the Domain-name,Domain-access-code format. Each domain must be listed on a separate line, and the passwords can be oech1::encoded. For example:
mydomain,mypassword
local,localkey
Note: Quoted domain names, commented lines (#...), and blank lines are supported by the current version of gendomreg. Older versions do not support these syntactical features.
When the CSV is complete, use gendomreg to create a Java KeyStore file. For example:
proenv>gendomreg domainsks.csv domains.keystore
After domains.keystore is created, move it to the same directory as the domains.json configuration file (usually instance/webapps/ROOT/WEB-INF/config/).
Notes
The domain names in the domains.keystore and in the domains.json files must match exactly, including the case of letters, or the domain will be disabled for use by the Authentication Gateway.
There are default domains.keystore and domains.json files ininstance/webapps/ROOT/WEB-INF/config/. The files are installed with default values suitable for testing purposes.
The domainsks.csv file is not used by the Authentication Gateway. It is just an intermediate file used by gendomreg to generate the domains.keystore file. You can name this file anything you want. However, because domainsks.csv contains clear text passwords, you should remove it from the OESTS machine and keep a backup of it in a secure location.
The domain names in the domains.keystore and in the domains.json files must match exactly, including the case of letters, or the domain will be disabled for use by the Authentication Gateway.