This topic covers testing the default OpenEdge Authentication Gateway configuration with the default user called test and a blank domain defined in the users.properties file. This configuration is available by default for users to explore the stsclientutil and the Authentication Gateway before locking down the database.

For this topic, the client-side authentication steps can be performed on the same machine as the Authentication Gateway server. In later topics, separate machines are required, and we will move away from the users.properties file to operating system logins.

Authenticate the test user and password with stsclientutil

By default, we have configured the Authentication Gateway to authenticate with a blank domain and a test user defined in the oeauthserver\webapps\ROOT\WEB-INF\config\users.properties file. In this topic, we’ll run a quick test with stsclientutil and test the settings defined in domains.json for the blank domain.

To authenticate the test user and password with stsclientutil:
  1. Ensure your Authentication Gateway server is running on the server host machine.
  2. In a Proenv console, use an Authentication Gateway client to pass a set of credentials to the Security Token Service for authentication using stsclientutil, for example:
    proenv>stsclientutil -url https://yourgatewayhostname:port -nohostverify -cmd authenticate -user test -password test
    Note: stsclientutil provides the best results when run from a machine other than the Authentication Gateway server, such as the machine where you will host your OpenEdge database.

    Replace yourgatewayhostname in the above command with the hostname of your Gateway server. The port is the port number that you specified for the Gateway server during the installation. The default is 8443; if you specified a different port during the installation, use that port instead.

    The Authentication Succeeded message indicates that the server is up and running.

The authentication succeeds because there is a pre-defined test user in the %WRKDIR%/oeauthserver/webapps/ROOT/WEB-INF/config/users.properties file. If you view this file, you can also test authentication with other users defined in that file.

Attempt to authenticate as an intruder user and password with stsclientutil

It is good practice to also test authentication with a negative case. In this step, we will run the same command with a user who is not a valid user. You can use any user name and password to test this. We will use intruder to demonstrate an outsider’s attempt to be authenticated.
  1. Ensure your Authentication Gateway server is still running on the server host machine.
  2. In a Proenv console, use an Authentication Gateway client to pass a set of credentials to the Security Token Service for authentication using stsclientutil, for example:
    proenv>stsclientutil -url https://yourgatewayhostname:port -cmd authenticate -user intruder -password intruder -nohostverify
    Replace yourgatewayhostname in the above command with the hostname of your Gateway server. The port is the port number that you specified for the Gateway server during the installation. The default is 8443; if you specified a different port during the installation, use that port instead.
  3. The following message prints to the console, stating that you were not authenticated because of bad credentials:
    error: stsclientutil: authenticate error: error= 5 (http error)  detail= 400  ()
    error: stsclientutil: sts service error:  error= (error_code:2)
    error: stsclientutil: sts service error:  error_description= (Bad credentials)
    Authentication failed. Reason = User authentication failed
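
Added example, not part of the original topic or of OpenEdge: a shell helper that classifies stsclientutil output so the positive and negative tests above can be checked by a script. It separates a Bad credentials rejection from any other failure, because the intruder test only proves something when the gateway actually answered. The exact success line and the unreachable-gateway text are constructed assumptions; the rejection sample is the output shown above.

```shell
#!/bin/sh
# Classify stsclientutil output read on stdin; print one verdict:
#   accepted - the "Authentication Succeeded" message was printed
#   rejected - the STS answered and refused the credentials
#   error    - anything else (gateway not running, wrong port, TLS failure)
classify_sts_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'authentication succeeded'; then
        echo accepted
    elif printf '%s\n' "$out" | grep -qF 'error_description= (Bad credentials)'; then
        echo rejected
    else
        echo error
    fi
}

# check_case EXPECTED: compare the verdict for stdin with EXPECTED.
check_case() {
    verdict=$(classify_sts_output)
    if [ "$verdict" = "$1" ]; then
        echo "PASS ($verdict)"
    else
        echo "FAIL (expected $1, got $verdict)"
        return 1
    fi
}

# Failure output exactly as shown on this page for the intruder user.
SAMPLE_REJECTED='error: stsclientutil: authenticate error: error= 5 (http error)  detail= 400  ()
error: stsclientutil: sts service error:  error= (error_code:2)
error: stsclientutil: sts service error:  error_description= (Bad credentials)
Authentication failed. Reason = User authentication failed'

# Constructed samples: the exact success line and the connection-failure
# text are assumptions, not copied from real stsclientutil output.
SAMPLE_ACCEPTED='Authentication Succeeded'
SAMPLE_UNREACHABLE='error: stsclientutil: could not reach gateway (constructed)'

# Real use, with the page's commands (assumes stsclientutil is on PATH):
#   stsclientutil -url https://yourgatewayhostname:port -nohostverify \
#     -cmd authenticate -user test -password test 2>&1 | check_case accepted
#   ... -user intruder -password intruder 2>&1 | check_case rejected
printf '%s\n' "$SAMPLE_ACCEPTED" | check_case accepted
printf '%s\n' "$SAMPLE_REJECTED" | check_case rejected
printf '%s\n' "$SAMPLE_UNREACHABLE" | check_case error
```

A FAIL on the intruder case with verdict error means the negative test did not reach the gateway and should be repeated, not read as a rejection.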

Summary

In this topic, you authenticated a default user with the name test and password test with a successful outcome. Additionally, you tested intruder as both the user name and the password, and the user authentication failed.

This demonstrates the basic format of the stsclientutil command, which uses the -cmd action with the authenticate option as well as -user and -password options to perform authentication based on the users.properties file located in the %WRKDIR%/oeauthserver/webapps/ROOT/WEB-INF/config directory.

This shows the authentication provided by the Authentication Gateway before enabling the feature in your database.