DEV-09: User Authentication in an OpenEdge™ 10.1 Distributed Computing Environment
Michael Jacobs, Development Architect
DEV-09: User Authentication in OpenEdge 10.1 © 2005 Progress Software Corporation

Agenda
- User authentication drivers
- Authentication basics
- What’s in OpenEdge 10.1A
- Distributed authentication
- Using OpenEdge 10.1A
- What’s next?

Disclaimer: Under Development
This talk includes information about potential future products and/or product enhancements.
What I am going to say reflects our current thinking, but the information contained herein is preliminary and subject to change. Any future products we ultimately deliver may be materially different from what is described here.

User Authentication Drivers
- Hackers, Crackers, Rage, and Corruption
- Government regulations
  – Sarbanes-Oxley (SOX)
  – CFR Part 11
  – HIPAA
- Customer security policy requirements
- Migration to n-tier application architecture
  – OpenEdge Reference Architecture
  – Service Oriented Architecture

Distributed User Authentication Challenges
- Prevent identity theft
  – Login credentials
  – Login session
- Multiple authentication systems
  – Existing customer systems
  – Future authentication systems
- Multiple service interface support
- Deployment time configuration

Application Security Fundamentals
[Diagram labels: Authentication; Authorization; Auditing; Application Security]

Balancing Authentication Costs
[Diagram labels: $ Technology; $ Development; $ Support; $ Liability; $ Data; $ Support; Customer; Product]

Authentication Manager Architecture
[Diagram labels: Authentication Plug-in Subsystem; Authentication Manager; Process Control; LDAP; LDAP Plug-in; 4GL Plug-in; 4GL Procedures; Progress Plug-in; _user; API; User Context Subsystem; Auditing; OpenEdge; AP/End user]

Authentication Process Control
[Diagram labels: Client; Login Credentials; AppServer Agent; Authentication Manager; Process Control; Authenticate; Account Check; Get Account Data; Authentication System; User Accounts; Principal; Authorization Manager; Access Control Data; Application Resources]

Single User Account Systems
[Diagram labels: Authentication System; User Accounts; Authentication Manager (shown several times)]

True Single Sign-On
[Diagram labels: Authentication System; User Accounts; Authentication Manager; Authorization Manager; Trusted Domains; Domain Access Key]

What’s in a Principal
PRINCIPAL
  Domain: LDAP
  State: Login
  User-ID: DDuck
  Login-token: BW3G1&2G1836D872
  Login-date: 3/12/05 08:15:33.12
  Login-expires: 3/12/05 19:30.00.00
  Roles: Accountant
  App-data: Company=Acme ...
[Callouts on the slide: Authentication System Data; User Account Data; User Account Restrictions; Application Defined Data]

OpenEdge 10.1A Presents!
- CLIENT-PRINCIPAL 4GL Object
- Trusted Authentication System Registry (TASR)
- Database controlled authentication options
- Language extensions that use CLIENT-PRINCIPAL objects
- Optional run-time OpenEdge database permission checking

4GL CLIENT-PRINCIPAL Object
- Represents a single user’s login session
- Share a single user authentication
  – Between application servers
  – Between application server agents
- Supersedes the SETUSERID() function
- Set the current user-id for:
  – The 4GL Application
  – An OpenEdge database connection [ & permissions]
- Triggers OpenEdge auditing record creation

Trusted Authentication System Registry (TASR)
- Used to validate CLIENT-PRINCIPAL
  – OpenEdge client to AppServer Agent
  – 4GL Client to OpenEdge database
- Supports multiple domains
- Uses domain’s key for validation
- Configurable via OpenEdge database options table
- Loaded from OpenEdge database Domain Registry table

4GL Language Extensions
- SECURITY-MANAGER object
  – SET-CLIENT() method
  – LOAD-DOMAINS() method
- UUID function
- SETDBCLIENT() function
- HEXBINARY-ENCODE() function

Release 10.1 Authentication Components
[Diagram labels: 4GL Client, AppServer, WebSpeed Agent; 4GL Application; Service Interface; Authentication Manager; Principal; Client Login Session; 4GL Core; SECURITY-POLICY; Application TASR; Application Domains; Database Connection; Database TASR; Database Domains; OpenEdge Database; DB Options; Authentication Options; Domain Registry; Domain Configuration]

Benefits of the State-Free AppServer
[Diagram labels: Client (several); AppServer (two), each with three Agents]

Benefits of the State-Free AppServer
[Diagram labels: Client (several); AppServer (two), each with three Agents; Adapter; SOA]

Problem with User Authentication in a State-Free AppServer
[Diagram labels: Client; Login; AppServer; Agent (two); Service Interface; Authentication Manager; Authentication System; Principal]

Problem with User Authentication in a State-Free AppServer
[Diagram labels: Client; ProcA; AppServer; Agent (two); Service Interface; Authentication Manager; Principal; ?]

What’s a Login-Token
PRINCIPAL
  Domain: LDAP
  State: Login
  User-ID: DDuck
  Login-token: BW3G1&2G1836D872
  Login-date: 3/12/05 08:15:33.12
  Login-expires: 3/12/05 19:30.00.00
  Roles: Accountant
  App-data: Company=Acme ...
Seal: 24VGWYY872ACE
[Callout on the slide: Login Token]

User Authentication in a State-Free Distributed System
[Diagram labels: Client; Login; AppServer; Agent (two); Service Interface; Authentication Manager; Authentication System; Principal; Principal Context]

State-Free User Context Management
[Diagram labels: Client; ProcA; AppServer; Agent (two); Service Interface; Authentication Manager; Principal; Principal Context]

State-Free User Context Management
[Diagram labels: Client; ProcB; AppServer; Agent (two); Service Interface; Authentication Manager; Principal; Principal Context]

Configuring Single CLIENT-PRINCIPAL Context Mode
[Diagram labels: Data Administration Utility; OpenEdge Database; DB Options; Domain Registry; 4GL Application; Service Interface; Authentication Manager; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR]

Configuring the SECURITY-POLICY TASR
1. Configure TASR domains
   a. Domain name: LDAP
   b. Domain key: “Domain key”
2. Configure databases to use application’s TASR
3. Load application TASR at run-time
    SECURITY-POLICY:LOAD-DOMAINS("tasrdb").

User Login: Creating the CLIENT-PRINCIPAL
[Diagram labels: Login Credentials; Authentication System; 4GL Application; Service Interface; Authentication Manager; CLIENT-PRINCIPAL; Principal; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR; OpenEdge Database; DB Permissions; Data Tables]

Creating the CLIENT-PRINCIPAL in the Authentication Manager
1. Create a CLIENT-PRINCIPAL object
    DEFINE VARIABLE hCP AS HANDLE NO-UNDO.
    CREATE CLIENT-PRINCIPAL hCP.
2. Set required attributes
    hCP:USER-ID = "DDuck".
    hCP:LOGIN-TOKEN = BASE64-ENCODE(UUID).
    hCP:DOMAIN = "LDAP".
3. Define optional client account attributes
    hCP:ROLES = "Accountant".

Creating the CLIENT-PRINCIPAL (cont)
4. Define optional application properties
    hCP:SET-PROPERTY("SalesOrder=CRU").
    hCP:SET-PROPERTY("CustInfo=R").
5. Commit the user authentication *
    hCP:SEAL("Domain key").
    /* on a failed login, record the failure instead of sealing a login */
    hCP:AUTHENTICATION-FAILED().
6. Read-only access to attributes and properties
    prop = hCP:GET-PROPERTY("CustInfo").
* Audit Record Generated

Sealing a CLIENT-PRINCIPAL Object
    hCP:SEAL("Domain key").
[Diagram: PRINCIPAL fields and Domain Access Key → (HMAC) → Seal]
PRINCIPAL
  Domain: LDAP
  State: Login
  User-ID: DDuck
  Login-token: BW3G1&2G1836D872
  Login-date: 3/12/05 08:15:33.12
  Login-expires: 3/12/05 19:30.00.00
  Roles: Accountant
  App-data: Company=Acme ...
Seal: 24VGWYY872ACE

User Login: Sharing CLIENT-PRINCIPAL Objects
[Diagram labels: 4GL Application; Service Interface; Authentication Manager; CLIENT-PRINCIPAL; Principal; Principal Context; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR; OpenEdge Database; DB Permissions; Data Tables]

Sharing User Login Context
Define CLIENT-PRINCIPAL storage
    DEFINE TEMP-TABLE PrincipalContext
        FIELD tokenid AS CHARACTER
        FIELD token AS RAW
        INDEX tokenidIdx IS PRIMARY tokenid.
Export the user’s access token
    CREATE PrincipalContext.
    token = hCP:EXPORT-PRINCIPAL().
    tokenid = hCP:LOGIN-TOKEN.
    RELEASE PrincipalContext.

Running a Remote Procedure: Recovering the CLIENT-PRINCIPAL
[Diagram labels: 4GL Application; Service Interface; Authentication Manager; CLIENT-PRINCIPAL; Principal; Principal Context; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR; OpenEdge Database; DB Permissions; Data Tables]

Running a Remote Procedure: Setting the CLIENT-PRINCIPAL
[Diagram labels: 4GL Application; Service Interface; Authentication Manager; CLIENT-PRINCIPAL; Principal; Principal Context; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR; OpenEdge Database; DB Permissions; Data Tables]

Retrieving the User Login Context and Setting the User Identity
1. Import the user’s access token
    FIND PrincipalContext WHERE tokenid = "AXy12…".
    hCP:IMPORT(token).
2. Setting a single application user identity *
    SECURITY-POLICY:SET-CLIENT(hCP).
* Audit Record Generated

Validating a CLIENT-PRINCIPAL Object
[Diagram: PRINCIPAL fields and the Domain Access Key from the TASR → (HMAC) → compared (==) with the Seal → T/F]
PRINCIPAL
  Domain: LDAP
  State: Login
  User-ID: DDuck
  Login-token: BW3G1&2G1836D872
  Login-date: 3/12/05 08:15:33.12
  Login-expires: 3/12/05 19:30.00.00
  Roles: Accountant
  App-data: Company=Acme ...
Seal: 24VGWYY872ACE
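
The seal-and-validate flow from the sealing and validating slides, together with the shared context store from "Sharing User Login Context", modelled in Python as an added example; it is not OpenEdge code and not the product's seal format. HMAC-SHA256, the JSON encoding, the field names, the key value and the `TASR` and `CONTEXT_STORE` dictionaries are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

# Constructed stand-in for the TASR: trusted domain name -> domain access key.
TASR = {"LDAP": b"constructed-domain-key"}

# Stand-in for the shared PrincipalContext table: login token -> exported bytes.
CONTEXT_STORE = {}

# Assumed set of sealed fields, modelled on the slide's PRINCIPAL box.
SEALED_FIELDS = ("domain", "state", "user_id", "login_token",
                 "login_date", "login_expires", "roles", "app_data")


def compute_seal(principal, key):
    """HMAC-SHA256 over a canonical JSON encoding of every sealed field."""
    body = json.dumps({f: principal[f] for f in SEALED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def login(user_id, roles, now, domain="LDAP", lifetime=timedelta(hours=11)):
    """Authentication manager: build, seal and export a principal."""
    principal = {
        "domain": domain, "state": "Login", "user_id": user_id,
        "login_token": secrets.token_urlsafe(16),
        "login_date": now.isoformat(),
        "login_expires": (now + lifetime).isoformat(),
        "roles": roles, "app_data": "Company=Acme",
    }
    principal["seal"] = compute_seal(principal, TASR[domain])
    CONTEXT_STORE[principal["login_token"]] = json.dumps(principal).encode()
    return principal["login_token"]


def validate(principal, registry, now):
    """Any agent: recompute the seal with the domain's registered key."""
    domain = principal.get("domain")
    key = registry.get(domain) if isinstance(domain, str) else None
    if key is None:
        return False, "untrusted domain"
    try:
        expected = compute_seal(principal, key)
    except KeyError:
        return False, "missing field"
    presented = str(principal.get("seal", ""))
    # Constant-time comparison, so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "bad seal"
    # Field values are trusted only after the seal has been verified.
    if principal["state"] != "Login":
        return False, "not logged in"
    if now >= datetime.fromisoformat(principal["login_expires"]):
        return False, "expired"
    return True, "ok"


def run_request(token_id, now, registry=TASR):
    """Agent handling a later request: import by token id, then validate."""
    raw = CONTEXT_STORE.get(token_id)
    if raw is None:
        return False, "no such session"
    return validate(json.loads(raw), registry, now)


def logout(token_id):
    """Delete the stored context so the token id can no longer be imported."""
    return CONTEXT_STORE.pop(token_id, None) is not None


if __name__ == "__main__":
    t0 = datetime(2005, 3, 12, 8, 15, 33, tzinfo=timezone.utc)
    tok = login("DDuck", "Accountant", t0)
    print(run_request(tok, t0 + timedelta(hours=1)))
    forged = json.loads(CONTEXT_STORE[tok])
    forged["roles"] = "Administrator"  # tamper with a sealed field
    CONTEXT_STORE[tok] = json.dumps(forged).encode()
    print(run_request(tok, t0 + timedelta(hours=1)))
```

Because the roles and expiry are inside the sealed fields, an agent that does not hold the session can still detect a context record that was edited in the shared store.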

Logging Out: Deleting CLIENT-PRINCIPAL Objects
[Diagram labels: 4GL Application; Service Interface; Authentication Manager; CLIENT-PRINCIPAL; Principal; Principal Context; 4GL Core; SECURITY-POLICY; Application TASR; Database Connection; Database TASR; OpenEdge Database; DB Permissions; Data Tables]

Logging out CLIENT-PRINCIPAL Objects and Deletion
1. Import the user’s access token
    FIND PrincipalContext WHERE tokenid = "AXy12…".
    hCP:IMPORT(token).
    DELETE PrincipalContext.
2. Logout a client *
    hCP:LOGOUT(hCP).
* Audit Record Generated

Authentication Manager Architecture
[Diagram labels: Authentication Plug-in Subsystem; Authentication Manager; Process Control; LDAP; LDAP Plug-in; 4GL Plug-in; 4GL Procedures; Progress Plug-in; _user; API; User Context Subsystem; Auditing; OpenEdge; AP/End user]

Future Support: More Core Business Services
[Diagram labels: Authentication Plug-in Subsystem; OpenEdge Authentication Service; Process Control; LDAP; LDAP Plug-in; 4GL Plug-in; 4GL Procedures; OpenEdge Plug-in; _user; API; User Context Subsystem; Auditing; OpenEdge User Context Service; Login(); Logout(); OpenEdge]

Future Support: More Application Authorization
[Diagram labels: 4GL Application; Service Interface; Authorization Subsystem; CanAccess(…).; OpenEdge Authentication Subsystem; Login (…).; 4GL Core; SECURITY-POLICY; Principal User Role Support; Access Control Lists; 4GL ACL Functions; 4GL Login Functions; OpenEdge Database; User Roles; Access Control Lists]

In Summary
- Secure user authentication is necessary in today’s world
- Distributed user authentication presents many challenges
- OpenEdge 10 is providing the answer
Questions?
Thank you for your time!