In order for your OpenEdge database to use the Authentication Gateway, it must have an STS client key that corresponds to an STS Server Key from the STS server. If you have not previously created an STS Server key, follow the steps at STS server key configuration.

If your database and STS server are not running on the same machine, copy the oests-key.ecp file from the STS server machine to the database server machine.

Install an STS client key

After you have an STS server key, create a client key with stskeyutil as shown:
stskeyutil install -url STS-URL -file keystore-dir/oests-key.ecp
Note: Beginning in OpenEdge 12.3, STS client key management can be handled by the Key Distribution service. For more information, see About STS client key management.
The value of STS-URL must match exactly what is stored in the database from the stsurlutil command). You are prompted for the same password entered when you created the STS Server key.

Specify the location of the STS server key with -file keystore-dir.

By default, the hashed key is placed in %DLC%/keys.
Note: You can specify a different path with -keystorepath. You CANNOT move the client key file to a different machine or different OpenEdge installation, even if it's on the same machine.

Testing the key

You can run stsclientutil ping to validate that the key is validated on the STS side, using the exact same URL, as shown:
stsclientutil -cmd ping -url STS-URL