This course revolves around OpenEdge security implementation for applications. Broken down by
workshop, each topic starts with an introduction and discusses best practices to implement all the needed security
elements. Exercises are given at the end of each workshop to implement the security into an applic.
Lesson 1: Implementing the Client-Principal Object into an OpenEdge application
- Setting up identity and security management into the databases
- Creating a security database for authentication and authorization
- Domain access for application server, LDAP and OS domains
- Implementing security services class
- Implementing the CP into the PASOE session procedures
Lesson 2: Implementing OpenEdge Auditing
- Tracing who accessed and altered application data at what time. Setting up database and OpenEdge auditing.
- Audit privileges
- Database events
- Application events
- Login session events
- Configure audit policies
- Managing OpenEdge auditing and reporting
Lesson 3: Implementing OpenEdge Authentication Gateway
- Enabling OpenEdge databases to use the authentication gateway
- Using server key and digital certificate on the OEAG
- Using named domains
- Using roles for authorization
- Encrypting passwords
- Adding auditing and policies
- Implementing LDAP and OERealm
Lesson 4: PAS for OpenEdge Spring Security
- Introduction to the (default) PASOE Spring framework
- Exploring authentication and authorization
- Using the Client-Principal object
- Troubleshooting with log settings
- Implementing LDAP
- Implementing SSO
- Implementing OERealm
- Implementing STS
- Enterprise Auth Providers
- Concept of SAML
- Concept of OAuth