In a very basic deployment environment in which you have a web application hosted on a PAS for OpenEdge instance, and an OpenEdge Database instance backend, you need to create two security domain configurations. One is for the PAS for OpenEdge instance, and the other is for OpenEdge Database. Therefore, each security domain configuration must have an individual domain registry. The domain registry includes the names of the domains from which authenticated users may obtain access to resources, and the corresponding domain access codes.

Domain access codes

A domain access code is a secret value used by OpenEdge or your ABL application both to cryptographically seal a security token during user authentication and to validate a user's sealed security token. The domain access code is typically a long character string value known only to the domain configuration. When setting up domain registries, you need to make sure that for a given domain name that is entered into each domain registry, the domain access code is identical.

Set up the domain registry for PAS for OpenEdge

To set up the domain registry for a PAS for OpenEdge instance:

  1. Update the default domain registry CSV file, oeablSecurity.csv, located by default in the PAS for OpenEdge instance folder of the OpenEdge working directory, to include your domain names and corresponding domain access codes.
  2. Use the gendomreg utility to create an encrypted Java keystore file from the CSV file.
  3. Copy the encrypted keystore file to the conf directory of each PAS for openEdge instance.

For more information, see Enable ABL application authentication.

Set up the domain registry for OpenEdge Database

You typically configure a OpenEdge security domains for OpenEdge Database using database administration tools, including the:

  • Database Administration Console in OpenEdge Management
  • Data Administration utility in the OpenEdge program group on Windows
  • Admin menu of the character-mode Data Dictionary

For more information, see Defining and configuring security domains.

After you have configured your authentication manager plug-in, you need to add your OpenEdge security domains and domain access codes in OpenEdge Database.