Start the OpenEdge Authentication Gateway
- Last Updated: October 27, 2025
- 3 minute read
- OpenEdge
- Version 12.8
- Documentation
The OpenEdge Authentication Gateway is an instance of the Progress Application Server for OpenEdge that runs a Security Token Service. To start the OpenEdge Authentication Gateway server, you are just starting a registered PAS for OpenEdge instance.
- Open the Proenv command-line utility for the OpenEdge Authentication Gateway server machine that you completed in Install the OpenEdge Authentication Gateway server.
- Change to Authentication Gateway instance directory. This path
is provided during installation and is preconfigured with additional changes
that support the Authentication Gateway server functionality. In a distributed
environment, you could install the server where it is best for your system. In
this case, navigate to the directory specified in the Authentication Gateway
server installation, for example:
proenv>cd C:\OpenEdge\WRK\oeauthserver - Start the server using the
tcman pasoestartcommand:proenv>bin\tcman pasoestart Starting stopped PASOE instance ............. Start action: start Initial state: stopped Initial processes: 0 Exit state: started Exit description: Starting stopped PASOE instance Exit processes: 33512 31300 4576 Exit status: 0 Exit errors:Note: There is a limitation on Unix-like platforms that the OpenEdge Authentication Gateway cannot be started as the root user for security purposes.As the the server starts, it loads the Security Token Service located in the C:\OpenEdge\WRK\oeauthserver\webapps\ROOT directory.
- When the server is running, locate your machine name by using
the
hostnamecommand:proenv>hostname yourgatewayhostnameNote: In some cases, you may need to access the Authentication Gateway hostname through the external IP address of the machine. - With the server running, use the client testing tool,
stsclientutil, to ping the server:proenv>stsclientutil -url https://yourgatewayhostname:port –nohostverify -cmd ping ping ... OKNote: Thestsclientutilis best used on a separate machine from the Authentication Gateway server, such as the machine where you will create the OpenEdge database. The Authentication Gateway prohibits access using localhost or its IP address equivalent as the hostname.Replace yourgatewayhostname in the above command with your hostname. The port is the port number that you specified during the installation. The default is 8443, but if you specified a different port during the installation, be sure to make that change.
The
-nohostverifyoption allows access to the Authenticate Gateway using the server's default HTTPS certificate. This is for development and testing use only. Later in the tutorial, in the Replace the default key and certificate on OpenEdge Authentication Gateway server topic, you replace this default certificate with a self-signed certificate. In production, you should use a digital certificate that is signed by a Certificate Authority.The
ping … OKmessage indicates that the server is up and running.
Summary
In this topic, you started the Authentication Gateway server instance
that you had previously installed. By pinging the instance, using the stsclientutil utility (located in the OpenEdge
installation's /bin directory) with the -cmd ping option, you verified that the server was
started and accepting requests. This was a stand-alone test and had no interaction
with any user account authentication system.
For now, you are using the -nohostverify option to suppress the error message raised when valid
certificates are not available. Production installations require certificates to
support secured communication between the Gateway and clients. You will add
certificates in a later topic so that you can run the Gateway as designed.
-help option shows other
options available for the command line utility:
|
In the next topic, we will use the -cmd
authenticate option to authenticate a user based on the users.properties file.