Once you have created an STS client key and configured and enabled the database to use the Authentication Gateway, you can start the server (or connect single-user).
Start the database, as shown:
proserve dbname S 12345
If the STS client key is in the default location, you need no additional parameters.
If you are going to be connecting Client-Server, you need to generate the client key on both client and server on both.
The oests.<date>.log file contains messages about the STS client key validation and if anything goes wrong with the validation. You can also increase (or decrease) logging messages in the database log file with the startup parameter -stsclientlogging. See STS logging level (-stslogginglevel).
Additional database startup parameters to keep in mind include:
-Mm cannot be set to the minimum (350) when using the Authentication Gateway STS server. You must set it to at least 360. The default is 1024 and the maximum is 32,600
-secsize specifies the sized of the security cache that can help connection performance. See Security cache size (-secsize)
-certstorepath, -keystorepath, -nohostverify, and -nosessionresue are shared between SSL-enabled connections and communication with the Authentication Gateway STS server
You can perform authentication or exchange using stsclientutil if you want to perform a simple test and take the database out of the picture (change the parameters for credentials as needed, -U, -P, -D), as shown:
stsclientutil -cmd authenticate -url STS-URL -user test@seal -password test
stsclientutil -cmd exchange -url STS-URL -domain local