In order to use an external system to authorize/authenticate a user logged in the database, do the following steps:
1 - Enable the auditing in the database. Refers to article# "How to enable auditing for an OpenEdge database ?"2 - For testing purposes, enforce run-time security. Refers to article# "How to use the CAN-DO function to implement runtime application security"3 - Define that a certain table can be queried only by an specific user and do not define a user table in the database.4 - Go to the database and define a authentication system domain. Start the Data Administration and go to Admin->Security->Authentication System -> Authentication System Domains. Once there, hit the create button to create a domain. This domain along with its key, has to be the one used by the applications. A database can have as many domains as it needs, usually being one domain for each application that access this database.5 - Run a test application like this:
DEFINE VARIABLE hCP AS HANDLE.
DEFINE VARIABLE MyUUID as RAW.
DEFINE VARIABLE Base64UUID as CHARACTER.
CREATE CLIENT-PRINCIPAL hCP.
MyUUID = GENERATE-UUID.
Base64UUID = BASE64-ENCODE(MyUUID).
hCP:SESSION-ID = Base64UUID.
hCP:USER-ID="user1". /* whatever user that would have proper access to your tables */
hCP:DOMAIN-NAME="test". /* domain name from the database */
hCP:SEAL("mykey"). /* it has to be the same key from the database */
SET-DB-CLIENT(hCP). /* instead of using setuserid that relies on _user, this function set the database user id to be the user-id attribute */
run <your application>.p /* from that point on, your database user is already set */
