In ABL, you can assert a user identity that has already been authenticated by any trusted authentication system using the following elements:

  • A sealed client-principal object
  • SET-CLIENT( ) ABL method on the SECURITY-POLICY system handle
  • SET-DB-CLIENT ABL function
  • An ABL session or local database domain registry that has been loaded from the domain configurations in an OpenEdge database or built by an ABL application

Either SET-CLIENT( ) or SET-DB-CLIENT take a sealed client-principal object and validate its user identity against a trusted domain registry, and if successful, sets the identity to an ABL session, a database connection, or an entire application with many connected ABL sessions and database connections, depending on method or function and how you call it. SSO validates a user identity that might have been authenticated at another location, but in exactly the same security domain. This user identity can be stored and passed around an application independent of the ABL session or database connection for which it was originally authenticated. For more information on managing identities for both session and database access, see Learn about Identity Management. For more information on asserting identities as a trusted user from ABL, see the sections on application security in OpenEdge Programming Interfaces.