PAS for OpenEdge SSO configuration guide
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
Configuring PAS for OE SSO tokens is accomplished by updating the following files:
| File path | Description |
|---|---|
|
Spring Security configuration defaults for all web applications |
|
Spring Security configuration settings for an individual web application |
|
URL access controls (Spring Security intercept-url settings) for individual web applications |
Note: The oeablSecurity.properties files are where you configure the
OEClientPrincipalFilter bean which manages all aspects of
translating Spring tokens to CLIENT-PRINCIPAL tokens, the sealing of CLIENT-PRINCIPAL
tokens, and the validation of CLIENT-PRINCIPAL tokens across all methods of direct login
and SSO. There are two SSO configurations, one for web applications that produce SSO tokens and one for web applications that consume SSO tokens.
| Configure CLIENT-PRINCIPAL creation |
|
| Configure SSO token creation |
|
Note: Because of the security risks, PAS for OpenEdge web applications should not produce
SSO tokens unless there are deployed clients capable of using the SSO that is produced.
Therefore, the default setting for authentication and generation of native OpenEdge SSO
tokens is disabled. In most cases, you can simply enable authentication or generation,
or both.
| Configure CLIENT-PRINCIPAL validation | Add single or multi domain and access codes |
| Configure SSO Token use and validation |
|