OpenEdge Authentication Gateway Guide

LOGIN-STATE attribute (enhanced for STS)

What's new

This attribute now has five more possible values to support STS: NO-LOGIN, NO-ACCESS, REVOKED, DISABLED, and LOCKED.

Description

Returns a character value that represents the current state of the client-principal object.
Data type: CHARACTER
Access: Read-only
Applies to: Client-principal object handle
The following table lists the valid values and how they can be set.
Table 1. Client-principal LOGIN-STATE attribute values
| This value... | Is set... |
|---|---|
| "INITIAL" | (Default value) From the creation of an unsealed client-principal object using the CREATE CLIENT-PRINCIPAL statement until the object is sealed, and after calling the INITIALIZE( ) method on a sealed or unsealed client-principal object in any state. |
| "LOGIN" | After the user identity represented by an unsealed client-principal object is successfully authenticated and the object is sealed using the SEAL( ) method (enhanced for STS), the SECURITY-POLICY:SET-CLIENT( ) method, the SET-DB-CLIENT function, or an OpenEdge STS. |
| "SSO" | After a client principal is sealed by a non-OpenEdge user authentication process. |
| "LOGOUT" | After executing the LOGOUT( ) method on a sealed client-principal object in the LOGIN state or SSO state. |
| "EXPIRED" | After executing the SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, IMPORT-PRINCIPAL( ) method, VALIDATE-SEAL( ) method (enhanced for STS), or some external, non-OpenEdge seal procedure, and the date and time set for the LOGIN-EXPIRATION-TIMESTAMP attribute has passed. |
| "FAILED" | After executing the AUTHENTICATION-FAILED( ) method on an unsealed client-principal object, or after a user authentication operation fails on an unsealed client-principal object when calling the SET-CLIENT( ) method or SET-DB-CLIENT function. |
| "NO-LOGIN" | The login operation could not be completed. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
| "NO-ACCESS" | The user is denied access. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
| "REVOKED" | The user account's access has been revoked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
| "DISABLED" | The user account is disabled. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
| "LOCKED" | The user account is locked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
The following figure illustrates the supported transitions between the states described in the table above.
Figure 1. Valid changes to LOGIN-STATE attribute value
When the AVM sets this attribute, it also sets the STATE-DETAIL attribute with a description of the current state. If this setting occurs as a result of invoking the AUTHENTICATION-FAILED( ) method, the AVM uses any string value you pass to this method to set the STATE-DETAIL attribute.
Attempting to write to this attribute returns a warning message.
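
One way to consume LOGIN-STATE after an authentication attempt, as an added example that is not part of the original page or Progress's own code: it grants access only on "LOGIN" or "SSO", denies on every other value, and records STATE-DETAIL in the server log only. The function name IsAuthenticated, the "AUTHN" log subsystem, and the user ID and passphrase are assumptions.

```abl
/* Added example, not Progress sample code. IsAuthenticated, the "AUTHN"
   log subsystem, and the user ID and passphrase are assumptions. */
DEFINE VARIABLE hCP AS HANDLE NO-UNDO.

/* Fail closed: only "LOGIN" and "SSO" count as authenticated. */
FUNCTION IsAuthenticated RETURNS LOGICAL (INPUT phCP AS HANDLE):
    DEFINE VARIABLE cKind AS CHARACTER NO-UNDO.

    IF NOT VALID-HANDLE(phCP) THEN RETURN FALSE.

    CASE phCP:LOGIN-STATE:
        WHEN "LOGIN" OR WHEN "SSO" THEN
            RETURN TRUE.
        /* The five STS values: a policy restriction blocked the login. */
        WHEN "NO-LOGIN" OR WHEN "NO-ACCESS" OR WHEN "REVOKED"
        OR WHEN "DISABLED" OR WHEN "LOCKED" THEN
            cKind = "policy-denied".
        WHEN "FAILED" THEN
            cKind = "auth-failed".
        /* INITIAL, LOGOUT, EXPIRED, and any value this code predates. */
        OTHERWISE
            cKind = "not-logged-in".
    END CASE.

    /* Keep the exact state and STATE-DETAIL in the server log only.
       Assumes logging is enabled; NO-ERROR keeps a logging problem
       from changing the access decision. */
    LOG-MANAGER:WRITE-MESSAGE(
        SUBSTITUTE("&1 user=&2 state=&3 detail=&4", cKind,
                   phCP:QUALIFIED-USER-ID, phCP:LOGIN-STATE,
                   phCP:STATE-DETAIL), "AUTHN") NO-ERROR.
    RETURN FALSE.
END FUNCTION.

CREATE CLIENT-PRINCIPAL hCP.
/* Constructed credentials: user@domain, no session ID or expiration. */
hCP:INITIALIZE("jsmith@exampledomain", ?, ?, "placeholder-passphrase").
/* SET-CLIENT on the unsealed object triggers user authentication. */
SECURITY-POLICY:SET-CLIENT(hCP) NO-ERROR.

IF IsAuthenticated(hCP) THEN
    MESSAGE "Signed in.".
ELSE
    /* Same text for every denial, so the caller cannot tell a locked
       or disabled account from a wrong password. */
    MESSAGE "Sign-in failed.".

DELETE OBJECT hCP.
```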

See also

SEAL( ) method (enhanced for STS)