OpenEdge Authentication Gateway Guide

SSO Token Exchange

This section describes connecting to your OpenEdge database using your operating system login ID.
First, in the STS, the domain must contain the EXCHANGE action and the "-processid" domain option, similar to how the 'local' domain is set up. For more details, see Configuring domains. For example:
    {
      "name" : "local",
      "enabled" : true,
      "description" : "O/S Authentication",
      "actions" : {
        "authenticate" : {
          "enabled" : true,
          "options" : ""
        },
        "exchange" : {
          "enabled" : true,
          "options" : "-processid"
        },
        "sso" : {
          "enabled" : true,
          "options" : ""
        },
        "refresh" : {
          "enabled" : false,
          "options" : ""
        }
      },
      "options" : "",
      "authProvider" : "_oslocal",
      "policyProvider" : "",
      "events" : {
        "provider" : "",
        "groups" : {}
      }
    }
Note the line that adds -processid to the options of the exchange action in the local domain.
When connecting to the database, you can use one of the following:
* -OSUser -domain local
* -OSUser -U <OS-user-name>@local, where <OS-user-name> must match the operating system user name currently running the ABL client
You can use any domain that is set up with the _oslocal provider for SSO token exchange (not just 'local') as long as the domain is configured as mentioned above in the domains.json file. That includes the "" domain, in which case you connect like this:
* -OSUser -U <OS-user-name>
* -OSUser -U <OS-user-name>@
* No additional parameters (implied as -OSUser)
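
A check for the domain settings described above, added here as an example and not taken from the OpenEdge product or its documentation. It reports why a domain entry would not meet the page's requirements (enabled, as in the page's example; `_oslocal` provider; exchange enabled with `-processid`) and flags a typographic dash picked up when the option is copied from rendered text. The function name, the whitespace-separated reading of the options string, and the sample entries are assumptions.

```python
import json

REQUIRED_OPTION = "-processid"  # exchange option shown in the page's local domain
OS_PROVIDER = "_oslocal"        # authProvider the page names for OS-user exchange
DASH_LOOKALIKES = "\u2010\u2011\u2012\u2013\u2014\u2212"  # typographic dashes

def exchange_problems(domain):
    """Return reasons a domain entry is not ready for SSO token exchange."""
    problems = []
    if domain.get("enabled") is not True:
        problems.append("domain is not enabled")
    if domain.get("authProvider") != OS_PROVIDER:
        problems.append(f"authProvider is not {OS_PROVIDER}")
    exchange = domain.get("actions", {}).get("exchange")
    if not isinstance(exchange, dict):
        return problems + ["no exchange action defined"]
    if exchange.get("enabled") is not True:
        problems.append("exchange action is not enabled")
    # Assumption: the options string is a whitespace-separated list of switches.
    tokens = str(exchange.get("options", "")).split()
    if REQUIRED_OPTION not in tokens:
        to_ascii = {ord(c): "-" for c in DASH_LOOKALIKES}
        if REQUIRED_OPTION in [t.translate(to_ascii) for t in tokens]:
            problems.append("exchange options use a typographic dash, not ASCII '-'")
        else:
            problems.append(f"exchange options lack {REQUIRED_OPTION}")
    return problems

# Constructed sample entries (a bare list of domain objects, not a real domains.json).
SAMPLE = json.loads("""
[
 {"name": "local", "enabled": true, "authProvider": "_oslocal",
  "actions": {"exchange": {"enabled": true, "options": "-processid"}}},
 {"name": "pasted", "enabled": true, "authProvider": "_oslocal",
  "actions": {"exchange": {"enabled": true, "options": "\\u2013processid"}}},
 {"name": "", "enabled": true, "authProvider": "_oslocal",
  "actions": {"authenticate": {"enabled": true, "options": ""},
              "exchange": {"enabled": false, "options": ""}}}
]
""")

if __name__ == "__main__":
    for entry in SAMPLE:
        print(repr(entry["name"]), exchange_problems(entry) or "ok")
```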