System Administrators use OESECTOOL to test SAML configurations for PAS for OpenEdge and OpenEdge Authentication Gateway security configurations. Testing is limited to checking for valid or invalid responses. Testing does not provide user login and session support.

Syntax

oesectool[.sh|.bat] command [parameter]
Note: This tool is intended for test environments only. Production systems should use a commercial authorization server.

Parameters

command
The commands related to SAML testing, including:

Command           Description
startsamlserver   Starts a SAML identity provider. Accepts -port portnumber and -ports portnumber.
stopsamlserver    Stops a SAML identity provider. Accepts -port portnumber and -ports portnumber.

Note (startsamlserver):
  • Using -port or -ports creates a keystore.p12 file in oesectool\work, if not already created.
  • Using -ports creates an sslkeystore.p12 file in oesectool\work, if not already created.

Note (stopsamlserver): You can stop the server from the browser by using http://machinename:port/stop or https://machinename:ports/stop.

parameter
The parameters related to SAML testing, including:

Parameter           Description
-port portnumber    HTTP port number
-ports portnumber   HTTPS port number

Customize SAML server properties

When you use OESECTOOL to start a SAML test server, modify the oesectool/conf/oesectool-saml.properties file to configure the SAML test server. For more information on oesectool-saml.properties, see the oesectool/conf/oesectool-saml.properties.README file.

Start a SAML test server

To start a SAML test server, use:
oesectool startsamlserver -port 8888 -ports 9999 -::waittime 20
The output is:
SAML Server started
        Http port:  8888
        Https port: 9999
        Process id: 3672

When the SAML server starts, it creates two keystore files in your work directory:

  • keystore.p12—Keystore to sign tokens. This keystore has only one key defsigkey and a self-signed certificate for testing. A unique keystore is created on initial startup in oesectool\work when an HTTP port is provided.

  • sslkeystore.p12—Keystore for HTTPS requests. This keystore has the oesectoolssl key and a self-signed certificate for testing. To send HTTPS requests, PAS for OpenEdge must either have the oesectoolssl certificate in its Tomcat truststore or have its Tomcat truststore reassigned to sslkeystore.p12. A unique keystore is created on initial startup in oesectool\work when an HTTPS port is provided.

For a more secure test environment, see Customize the keystore location and password.

Customize the keystore location and password

Use the OESECTOOL catalina_opts command to generate a CATALINA_OPTS template before starting a test PAS for OpenEdge instance. The generated setting points the Tomcat truststore of the instance at the sslkeystore.p12 created for OESECTOOL, for use with HTTPS.
  • Windows:
    oesectool.bat catalina_opts
    set CATALINA_OPTS=-Djavax.net.ssl.trustStore="C:\workdir\sslkeystore.p12" -Djavax.net.ssl.trustStorePassword=yourpassword
  • Linux or Unix:
    sh oesectool.sh catalina_opts
    export 'CATALINA_OPTS=-Djavax.net.ssl.trustStore=/workdir/sslkeystore.p12 -Djavax.net.ssl.trustStorePassword=yourpassword'
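The following shell helpers are an added example, not part of OESECTOOL or the OpenEdge documentation. They check that a work directory holds the two keystores the test server creates, build the CATALINA_OPTS value that the catalina_opts template prints (refusing the yourpassword placeholder), and, for the alternative mentioned above, import only the oesectoolssl certificate into an existing Tomcat truststore with the JDK keytool so the private key in sslkeystore.p12 never becomes the truststore. The work directory, passwords and truststore path are assumptions.

```shell
#!/bin/sh
# Added example (not OESECTOOL code). Work dir, passwords and truststore path are assumed.

# Return 0 when both keystores the SAML test server creates are present.
check_work_keystores() {
  workdir="$1"
  [ -f "$workdir/keystore.p12" ] || { echo "missing $workdir/keystore.p12 (token signing keystore)" >&2; return 1; }
  [ -f "$workdir/sslkeystore.p12" ] || { echo "missing $workdir/sslkeystore.p12 (HTTPS keystore)" >&2; return 1; }
  return 0
}

# Print the CATALINA_OPTS value that points the Tomcat truststore at sslkeystore.p12.
# Fails if the keystore is absent or the password is still the template placeholder.
build_catalina_opts() {
  workdir="$1"; password="$2"
  [ -f "$workdir/sslkeystore.p12" ] || { echo "no sslkeystore.p12 in $workdir" >&2; return 1; }
  [ "$password" != "yourpassword" ] || { echo "replace the placeholder truststore password" >&2; return 1; }
  printf '%s' "-Djavax.net.ssl.trustStore=$workdir/sslkeystore.p12 -Djavax.net.ssl.trustStorePassword=$password"
}

# Alternative: copy only the oesectoolssl certificate into an existing truststore,
# leaving the private key out of it. Needs keytool from a JDK; returns 2 if absent.
import_ssl_cert() {
  workdir="$1"; storepass="$2"; truststore="$3"; trustpass="$4"
  command -v keytool >/dev/null 2>&1 || return 2
  keytool -exportcert -rfc -keystore "$workdir/sslkeystore.p12" -storetype PKCS12 \
    -storepass "$storepass" -alias oesectoolssl -file "$workdir/oesectoolssl.pem" || return 1
  keytool -importcert -noprompt -keystore "$truststore" -storepass "$trustpass" \
    -alias oesectoolssl -file "$workdir/oesectoolssl.pem"
}

# Usage (assumed paths):
#   check_work_keystores /workdir && export CATALINA_OPTS="$(build_catalina_opts /workdir secret)"
```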

Stop a SAML test server

To stop a SAML test server, use:
oesectool stopsamlserver -port 8888