Single sign-on (SSO) in OpenEdge refers to the creation of a sealed security token called the CLIENT-PRINCIPAL that represents a user identity within a security domain. The CLIENT-PRINCIPAL is created after Spring Security successfully completes authentication and authorization. The CLIENT-PRINCIPAL retains the user credentials and remains available within a web application, eliminating the need for a user to log in again.

In PAS for OpenEdge, basic Spring Security token generation is extended to create an OpenEdge CLIENT-PRINCIPAL object. Creation of the CLIENT-PRINCIPAL is enabled by default by this property in the oeablSecurity.properties file of the web application:
OEClientPrincipalFilter.enabled=true
Set the property to false to disable the ClientPrincipal. You can set other ClientPrincipal properties in the OEClientPrincipalFilter bean section of the oeablSecurity.properties file. In particular, you will want to set the OEClientPrincipalFilter.domain property to specify where the ClientPrincipal is valid.
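The two settings described above can be checked before deployment. The following is an added example, not code from the OpenEdge product: it parses a subset of Java properties syntax and reports when the ClientPrincipal is disabled or its domain is unset. The function names and sample contents are constructed for illustration, and treating an unset domain as a finding is an assumption based on the recommendation above.

```python
def parse_properties(text):
    """Parse a subset of Java .properties syntax: key=value or key:value,
    '#' and '!' comments, backslash line continuation. The last assignment wins."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]          # value continues on the next line
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
        else:
            props[line] = ""             # key with no separator has an empty value
    return props


def audit_client_principal(text):
    """Return a list of findings for the ClientPrincipal settings named above."""
    props = parse_properties(text)
    findings = []
    # The filter is enabled by default, so a missing key counts as enabled.
    enabled = props.get("OEClientPrincipalFilter.enabled", "true").lower()
    if enabled != "true":
        findings.append("OEClientPrincipalFilter.enabled is not true: "
                        "no ClientPrincipal is created for SSO")
        return findings                  # domain is irrelevant when disabled
    if not props.get("OEClientPrincipalFilter.domain"):
        findings.append("OEClientPrincipalFilter.domain is unset: "
                        "specify where the ClientPrincipal is valid")
    return findings


# Constructed sample contents for oeablSecurity.properties (not from a real install).
SAMPLE_OK = """# constructed sample
OEClientPrincipalFilter.enabled=true
OEClientPrincipalFilter.domain=ExampleDomain
"""
SAMPLE_NO_DOMAIN = "OEClientPrincipalFilter.enabled=true\nOEClientPrincipalFilter.domain=\n"
SAMPLE_DISABLED = "OEClientPrincipalFilter.enabled=true\nOEClientPrincipalFilter.enabled = false\n"

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("no-domain", SAMPLE_NO_DOMAIN),
                         ("disabled", SAMPLE_DISABLED)]:
        print(name, audit_client_principal(sample) or "no findings")
```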

After domain and other properties are set for the ClientPrincipal, you can configure SSO properties in the OpenEdge SSO support section of the oeablSecurity.properties file.

For more information about the properties and values for the ClientPrincipal and for SSO, see the oeablSecurity.properties.README file.

Note: In PAS for OpenEdge, SSO is available for client access through the APSV and REST transports but not for the SOAP transport.