The SSO authentication model for native OpenEdge SSO tokens follows the HTTP BASIC model, in which a client’s identity is authenticated on each HTTP request. The difference between the two is that HTTP BASIC sends the user ID and password on each request, whereas SSO sends an encoded SSO token on each request.

Client request

The HTTP 1.1 format for the request is:

"Authorization : " + token_type + " " + access_token

For OpenEdge, the client request is:

Authorization : oecp b64-oecp-sso-token 

HTTP Status Codes

  • 200 indicates success.
  • 401 indicates an SSO authentication failure.
    WWW-Authenticate : oecp error=401,
    error_description=error-desc
    token-error-code
    Note: For more information on token-error-code, see SSO Token Error Codes.
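
The per-request check described above, as an added example that is not OpenEdge product code: it parses the Authorization value, answers 401 with a WWW-Authenticate challenge in the form shown, and returns 200 otherwise. The function names, the validate_token callback, the base64-alphabet check, and the sample token and error description are assumptions made for illustration.

```python
import re

SCHEME = "oecp"  # token_type the page gives for OpenEdge SSO tokens

def extract_token(header_value):
    """Return the opaque token from an Authorization value, or None."""
    if not header_value:
        return None
    parts = header_value.split(" ")
    # Require exactly "<scheme> <token>"; auth scheme names are case-insensitive.
    if len(parts) != 2 or parts[0].lower() != SCHEME:
        return None
    # Assumption: token uses the standard or URL-safe base64 alphabet.
    if not re.fullmatch(r"[A-Za-z0-9+/_=-]+", parts[1]):
        return None
    return parts[1]

def challenge(error_desc):
    """Build the 401 WWW-Authenticate value in the form shown above."""
    # Replace control characters (CR/LF included) so the description
    # cannot split the response header.
    safe = re.sub(r"[\x00-\x1f\x7f]", " ", error_desc)
    return f"{SCHEME} error=401, error_description={safe}"

def authenticate(request_headers, validate_token):
    """Check one request; returns (status, response_headers).

    validate_token is a hypothetical callback standing in for the server's
    token check: None means valid, a string is the error description.
    """
    token = extract_token(request_headers.get("Authorization"))
    if token is None:
        return 401, {"WWW-Authenticate": challenge("malformed-or-missing-token")}
    error = validate_token(token)
    if error is not None:
        return 401, {"WWW-Authenticate": challenge(error)}
    return 200, {}

# Constructed sample values: not a real token, not a real error description.
SAMPLE_TOKEN = "Y29uc3RydWN0ZWQtdG9rZW4="

def sample_validator(token):
    return None if token == SAMPLE_TOKEN else "constructed-error-desc"

if __name__ == "__main__":
    for value in (f"oecp {SAMPLE_TOKEN}", "oecp AAAA", "Basic dXNlcjpwdw==", None):
        headers = {} if value is None else {"Authorization": value}
        print(repr(value), "->", authenticate(headers, sample_validator))
```

Because the token is checked on every request, a request without the header or with a different scheme such as Basic gets the same 401 challenge as one carrying a rejected token.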