Configuring OpenEdge Authentication

If you choose OpenEdge while Creating an Authentication Profile, specify values for the following fields to implement OpenEdge Single Point of Authentication (SPA):

Note:
  • You should understand how OpenEdge SPA works before configuring Platform to use this type of authentication. For more information on OpenEdge SPA, see the Progress OpenEdge AppServer Administration documentation.
  • The following jars are no longer shipped with the Platform Installer since version 5.5. Ensure that the jars, which can be copied from the OpenEdge installation directory, are available in Tomcat's lib folder.
    • certj.jar
    • cryptoj.jar
    • sslj.jar

Default Setting: The Default UI and Default API fields indicate whether the authentication profile is currently set as the default UI or default API authentication type. The same authentication profile does not have to be the default for both UI and API authentication.

Field: Description

Name: Type an authentication profile name.

OpenEdge Realm URL: The URL to connect users to the state-free AppServer. oerealm is the name of the OpenEdge State-free AppServer where you deploy the OpenEdge realm.

The default URL for Classic AppServer is appserver://host-name:port-number/oerealm.

The default URL for Progress Application Server is http://host-name:port-number/webapp/apsv.

OpenEdge Realm Class: The realm service interface’s class path. SPA security implementation for an OpenEdge REST Web application must specify the HybridRealm interface class.

OpenEdge Domain: The name of the domain to which the OpenEdge user must belong. Note that only a single domain name can be specified and that only the users in that domain will be authenticated.

OpenEdge Domain Access Code: The code or key required for an OpenEdge user to access the OpenEdge domain. In a REST service call, this code seals the client principal token that validates and authenticates users.

Override hostname validation: When enabled, OpenEdge authentication will not validate the hostname of the OpenEdge Realm URL.

Typically, you use this option for testing purposes when your OpenEdge Realm URL is secure (HTTPS) and you want to use a self-signed certificate (as opposed to a CA Certificate Store file) for user authentication.

Note that this option sets the noHostVerify property of the JVM to true and, for security reasons, is not recommended for production systems.

Realm Token File: The file name that holds a serialized ClientPrincipal used to authenticate the realm service interface.

CA Certificate Store File: The security certificate from the certificate store required for user authentication.

Note: If your Realm URL is secure and requires a certificate, you must provide your certificate in the CA Certificate Store File field for Platform to access the URL. For example:

In Classic AppServers, AppserverDC://hostname/brokername is not secure and doesn't require a certificate, and AppserverDCS://hostname/brokername is secure and requires a certificate for access.

In the case of Progress Application Servers, http://host-name:port-number/webapp/apsv is not secure and doesn’t require a certificate, and https://host-name:port-number/webapp/apsv is secure and requires a certificate for access.

Manages Password: Enables the following password-management options:

When users change their password, the old password stored in the Progress OpenEdge database must be updated with the new one. So, before you enable the Manages Password option in Platform, you must update your OERealm service interface method, SetAttribute(), in OpenEdge with the change-password ABL logic. For information about how to update SetAttribute() with the required ABL logic, see Change-password ABL logic in Progress OpenEdge.

Super Admin Credential: The Login Name and Password used to generate the client principal for batch jobs and delay triggers. Provide these values if you plan to run batch jobs and/or delay triggers on OpenEdge objects.

Guest User Credential: The Login Name and Password used for portal access. Provide these values if you plan to access OpenEdge objects from a Platform portal.

After specifying the above values, you must test your authentication method to check whether authentication succeeds. To test your authentication method:

  1. Under Test External Authentication, specify a valid login name and password.
  2. Click Test External Authentication.

Note that you cannot save your changes until the test succeeds.
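
The relationship described above between the OpenEdge Realm URL scheme, the CA Certificate Store File, and Override hostname validation can be checked before a profile goes to production. The following is an added example, not code from Platform or OpenEdge: the dictionary keys, host names, and file name are hypothetical, and only the URL schemes that this page classifies as secure or not secure are recognized.

```python
from urllib.parse import urlsplit

# Scheme classification taken from this page's examples (case-insensitive).
SECURE_SCHEMES = {"appserverdcs", "https"}
INSECURE_SCHEMES = {"appserverdc", "http"}


def audit_profile(profile, production=True):
    """Return a list of (severity, message) findings for one profile.

    `profile` is a plain dict whose keys are hypothetical names for the
    form fields on this page; it is not a Platform file format or API.
    """
    findings = []
    scheme = urlsplit(profile.get("realm_url", "")).scheme.lower()
    ca_store = (profile.get("ca_cert_store_file") or "").strip()
    no_host_verify = bool(profile.get("override_hostname_validation"))

    if scheme in SECURE_SCHEMES:
        # A secure Realm URL needs a certificate for Platform to reach it.
        if not ca_store:
            findings.append(("error", "secure Realm URL but CA Certificate Store File is empty"))
    elif scheme in INSECURE_SCHEMES:
        findings.append(("warn", f"{scheme}:// Realm URL is not secure"))
    else:
        # Anything else is left for a person to classify.
        findings.append(("review", f"scheme {scheme!r} is not classified on this page"))

    # The override disables hostname checks and is meant for testing only.
    if no_host_verify and production:
        findings.append(("error", "Override hostname validation is enabled on a production profile"))
    return findings


if __name__ == "__main__":
    # Constructed sample profiles; host names and file name are placeholders.
    samples = {
        "test-selfsigned": {"realm_url": "https://oe.example.test:8810/webapp/apsv",
                            "ca_cert_store_file": "",
                            "override_hostname_validation": True},
        "prod-classic": {"realm_url": "AppserverDCS://oe.example.test/broker",
                         "ca_cert_store_file": "oe-ca-store",
                         "override_hostname_validation": False},
    }
    for name, prof in samples.items():
        for severity, message in audit_profile(prof):
            print(f"{name}: {severity}: {message}")
```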