Try OpenEdge Now
skip to main content
OpenEdge Authentication Gateway Guide
Configuring the OpenEdge Authentication Gateway : Configuring domains : Configuring policies

Configuring policies

A domain policy is an ABL-based implementation that enforces sign on and authentication policies. A domain policy configuration is stored in the domains.json configuration file.
Each domain configuration can reference a single domain policy configuration. The policy configuration requires the fully qualified name of an ABL class that implements OpenEdge.Security.STS.IPolicyProvider. (Optionally, an MD5 file, taken from r-codeinfo:md5-value, can be included to enforce checksum requirements for the policy implementation class.)
The policy class (or rcode) needs to be found in the PROPATH. The recommended location is under instance/webapps/ROOT/WEB-INF/openedge, which is in the PROPATH by default.
For example:

"version": "1.0.0",
"domains": [
"name" : "local",
"enabled" : true,
"description" : "O/S Authentication",
"actions" : {
"authenticate" : {
"enabled" : true,
"options" : ""
. . .
"options" : "-processid",
"authProvider" : "_oslocal",
"policyProvider" : "login",
"events" : {
"provider" : "",
"groups" : {}
. . .

"policyProviders" : {
"login" : {
"type" : "com.progress.sts.SampleLoginPolicy",
"hash" : ""

You need to then define the policy name under the domain configuration. For the example above, it is the bold line, "policyProvider" : "login".
The following is a sample login policy class. It prints some messages to the log and adds a property to the client-principal object that is returned to the client.
using Progress.Lang.*.
using OpenEdge.Security.STS.IPolicyProvider.
using OpenEdge.Security.Principal.
using Progress.Json.ObjectModel.JsonObject.
using OpenEdge.Security.PAMStatusEnum.block-level on error undo, throw.
class com.progress.sts.SampleLoginPolicy implements IPolicyProvider:
method public PAMStatusEnum ApplyPolicy( input pcSender as character,
input pcPolicy as character,
input phClientPrincipal as Principal,
input pcDomainCtx as JsonObject,
output pcStatusDetail as character ):
message "sender:" pcSender skip
"policy:" pcPolicy skip
"C-P Token" phClientPrincipal:Token skip
"context:" pcDomainCtx.
pcStatusDetail = "OK".
return PAMStatusEnum:Success.
end method.
end class.