Purpose

The OpenEdge Authentication Gateway Tutorial provides an introduction to the administrative activities that can be accomplished with the OpenEdge Authentication Gateway.

Audience

This tutorial is aimed at OpenEdge administrators who have a license for the OpenEdge Authentication Gateway component of OpenEdge. The tutorial was written and tested with OpenEdge version 12.2, the Long Term Supported release of OpenEdge at the time of document preparation (August 2020), which will be supported for many years.

Prerequisites

In addition to the license for the OpenEdge Authentication Gateway and some experience as an OpenEdge administrator, this tutorial assumes you are working in a distributed environment. You may want to provision a virtual machine with administrative privileges onto which you will install OpenEdge with the Authentication Gateway component, and a separate machine to host the OpenEdge database, which will act as a client to the Authentication Gateway.

This tutorial uses the Windows operating system syntax and folder structure. Syntax may be different on your operating system for both the system-level commands and the proenv commands.

Documentation conventions

See Documentation Conventions for an explanation of the terminology, format, and typographical conventions used throughout the OpenEdge content library.

Organization

This tutorial is organized into the following topics:
  1. Install the OpenEdge Authentication Gateway
  2. Start the OpenEdge Authentication Gateway
  3. Authenticate with the test user
  4. Enable an OpenEdge database to use the OpenEdge Authentication Gateway
  5. Use a server key with the OpenEdge Authentication Gateway
  6. Use a named domain with the OpenEdge Authentication Gateway
  7. Use roles for authorization in the OpenEdge Authentication Gateway
  8. Use encoded passwords in the sts.properties file
  9. Add auditing to the OpenEdge Authentication Gateway server
  10. Add policies to the OpenEdge Authentication Gateway server
  11. Validate the OpenEdge Authentication Gateway server's Digital Certificate

Throughout the document, you will see numerous references to the OpenEdge database machine (or client database machine) and the OpenEdge Authentication Gateway server machine. For more information about this configuration:
  • The database machine will host the sports2020 database. The tutorial suggests placing the sports2020 database in a folder called /db that you create in your WRK directory. On Windows, the default path would place this location at C:\OpenEdge\WRK\db\. All of the database commands should be run from this directory on the database machine, so OpenEdge must also be installed on this client database machine. This machine is occasionally referred to as a "client machine" because the database acts as a client to the Authentication Gateway server's Security Token Service.
  • The Authentication Gateway machine will host the Authentication Gateway server and Security Token Service. This machine must have OpenEdge installed with the Authentication Gateway component included. The default location for the Authentication Gateway server is in the WRK directory, and the default name of the server is oeauthserver. On Windows, the default path would place this location at C:\OpenEdge\WRK\oeauthserver\. This would be a separate machine from the database machine, so the oeauthserver and the db directories would not be in the same WRK directory.