The latest release of the OpenEdge application development and deployment platform, version 11.1, reinforces our commitment to our customers’ needs for security, privacy and compliance. OpenEdge 11.1 includes security enhancements that simplify user authentication and centralized controls.
One of my favorite things in the new OpenEdge 11.1 release is a new plug-in for the extensible OpenEdge Identity Management framework. The two inbuilt plug-ins provided earlier allowed for user authentication against the database's _user table and against local operating system accounts. Now we have an ABL/4GL authentication plug-in mechanism that you can use to invoke your own code to do user authentication in whatever way you like.
You use the new mechanism as follows: in your application you simply create a client-principal object and set values for various fields in it. When you invoke either SET-DB-CLIENT() or SECURITY-POLICY:SET-CLIENT() then an entry-point in your previously registered 4GL callback procedure will be called. Your code then examines the presented user identity, decides whether or not it is valid, and returns either an accept or reject return code. Since we create client-principal objects under the covers when you connect to a database using the CONNECT statement and the -U user-name parameter and also when you use the SETUSERID() function, your callback will be called for those as well. This cool extension enables you to use all sorts of external authentication services as well as ones you may have built into your application.
But wait . . . that's not all! You can also use the callback mechanism with the inbuilt authentication systems to extend those. For example, you can set additional values in the client-principal object or record all user logins somewhere suitable.
To use this feature, all you have to do is set the callback procedure name in the _sec-authentication-system._PAM-callback-procedure for those authentication domains in which you want a procedure to be called.
You can find more information about this feature in Chapter 2 of the OpenEdge 11.1 manual entitled "OpenEdge Development: Programming Interfaces".
Try it. You will like it!
View all posts from Gus Bjorklund on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites
Progress collects the Personal Information set out in our Privacy Policy and the Supplemental Privacy notice for residents of California and other US States and uses it for the purposes stated in that policy.
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.