An ABL authentication callback executes as an external procedure consisting of three parts: a main block; a procedure you create named AuthenticateUser; and an optional procedure you can create named AfterSetIdentity.

The main block runs during the OpenEdge-performed user authentication process. For built-in systems, it is called after user-authentication is complete but before the client-principal object is sealed by OpenEdge. For user-defined systems, it is called at the start of OpenEdge user authentication and also before the client-principal object is sealed.

The main block is automatically called as part of the CONNECT statement, the SETUSERID( ) function, the SET-DB-CLIENT( ) function, or the SECURITY-POLICY:SET-CLIENT( ) method, The main block is deleted before any of these processes return control to the ABL application.

AuthenticateUser is called when OpenEdge-performed user authentication takes place and before the client-principal object is sealed. If the procedure returns success then the authentication succeeded and the client-principal is sealed.

AfterSetIdentity is an optional procedure that extends the functionality of SSO.

see Creating an ABL authentication callback procedure for information on the functionality and the implementation of AuthenticateUser and AfterSetIdentity.