LOGIN-STATE attribute

Returns a character value that represents the current state of the client-principal object.

Data type: CHARACTER

Access: Read-only

Applies to: Client-principal object handle

The following table lists the valid values and how they can be set.

Client-principal LOGIN-STATE attribute values
This value... Is set...
"INITIAL" (Default value) From the creation of an unsealed client-principal object using the CREATE CLIENT-PRINCIPAL until the object is sealed, and after calling the INITIALIZE( ) on a sealed or unsealed client-principal object in any state.
"LOGIN" After the user identity represented by an unsealed client-principal object is successfully authenticated and the object is sealed using the SEAL( ) method, SECURITY-POLICY:SET-CLIENT( ) method, the SET-DB-CLIENT function, or via an OpenEdge STS.
"SSO" After a client principal is sealed by a non-OpenEdge user authentication process.
"LOGOUT" After executing the LOGOUT( ) method on a sealed client-principal object in the LOGIN state or SSO state.
"EXPIRED" After executing the SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, or IMPORT-PRINCIPAL( ) method, VALIDATE-SEAL( ) method, or some external, non-OpenEdge seal procedure and the date and time set for the LOGIN-EXPIRATION-TIMESTAMP attribute has expired.
"FAILED" After executing the AUTHENTICATION-FAILED( ) method on an unsealed client-principal object or after a user authentication operation fails on an unsealed client-principal object when calling the SET-CLIENT( ) method or SET-DB-CLIENT function.
"NO-LOGIN" The login operation could not be completed. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS.
"NO-ACCESS" The user is denied access. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS.
"REVOKED" The user account's access has been revoked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS.
"DISABLED" The user account is disabled. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS.
"LOCKED" The user account is locked. This state is set after a user authentication operation on an unsealed client-principal object fails due to some policy restriction when calling the SET-CLIENT( ) method or SET-DB-CLIENT function, where the authentication is done by an OpenEdge STS.

The following figure illustrates the supported transitions between the states described in the table above.

Valid changes to LOGIN-STATE attribute value

When the AVM sets this attribute, it also sets the STATE-DETAIL attribute with a description of the current state. If this setting occurs as a result of invoking the AUTHENTICATION-FAILED( ) method, the AVM uses any string value you pass to this method to set the STATE-DETAIL attribute.

Attempting to write to this attribute returns a warning message.

See also

AUTHENTICATION-FAILED( ) method, CREATE CLIENT-PRINCIPAL statement, IMPORT-PRINCIPAL( ) method, INITIALIZE( ) method, LOGIN-EXPIRATION-TIMESTAMP attribute, LOGOUT( ) method, SEAL( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, STATE-DETAIL attribute, VALIDATE-SEAL( ) method