Returns a character value that represents the current state of the client-principal object.
Data type: CHARACTER
Access: Read-only
Applies to: Client-principal object handle
The following table lists the valid values and how they can be set.
This value... | Is set... |
---|---|
"INITIAL" | (Default value) From the creation of an unsealed client-principal object using the CREATE CLIENT-PRINCIPAL until the object is sealed, and after calling the INITIALIZE( ) on a sealed or unsealed client-principal object in any state. |
"LOGIN" | After the user identity represented by an unsealed client-principal object is successfully authenticated and the object is sealed using the SEAL( ) method, SECURITY-POLICY:SET-CLIENT( ) method, the SET-DB-CLIENT function, or via an OpenEdge STS. |
"SSO" | After a client principal is sealed by a non-OpenEdge user authentication process. |
"LOGOUT" | After executing the LOGOUT( ) method on a sealed client-principal object in the LOGIN state or SSO state. |
"EXPIRED" | After executing the SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, or IMPORT-PRINCIPAL( ) method, VALIDATE-SEAL( ) method, or some external, non-OpenEdge seal procedure and the date and time set for the LOGIN-EXPIRATION-TIMESTAMP attribute has expired. |
"FAILED" | After executing the AUTHENTICATION-FAILED( ) method on an unsealed client-principal object or after a user authentication operation fails on an unsealed client-principal object when calling the SET-CLIENT( ) method or SET-DB-CLIENT function. |
"NO-LOGIN" | The login operation could not be completed. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"NO-ACCESS" | The user is denied access. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"REVOKED" | The user account's access has been revoked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"DISABLED" | The user account is disabled. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
"LOCKED" | The user account is locked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS. |
The following figure illustrates the supported transitions between the states described in the table above.
When the AVM sets this attribute, it also sets the STATE-DETAIL attribute with a description of the current state. If this setting occurs as a result of invoking the AUTHENTICATION-FAILED( ) method, the AVM uses any string value you pass to this method to set the STATE-DETAIL attribute.
Attempting to write to this attribute returns a warning message.