The OpenEdge Authentication Gateway is a Progress Application Server for OpenEdge (PAS for OpenEdge) instance where the OESTS web application (oests.war) is deployed, rather than the standard OEABL (oeabl.war) web application. It functions as a Security Token Service (STS) for database, server, and application connections that returns a validated Client-Principal object in response to client requests for database connections.

The Authentication Gateway is a secured HTTPS server that provides STS functionality, which includes user authentication and client-principal generation. The use of a common Authentication Gateway for PAS for OpenEdge instances, databases, and applications enhances security and reduces complexity (because, for example, each PAS for OpenEdge server instance does not need to maintain its own copy of OpenEdge Domains and Domain Access-codes).

Connections between a PAS for OpenEdge instance and an Authentication Gateway server are facilitated through the STS AuthenticationProvider, a plug-in to the Progress Application Server's Spring Security framework.

After you deploy OpenEdge Authentication Gateway, you can configure the Authentication Gateway by editing a number of JSON files and, optionally, by editing the Spring Security context file.