Question Enhance existing Windows ABL application to use single sign-on/LDAP


19+ years Progress programming and still learning.
The requirement is to update a legacy Windows ABL application to have single sign-on. The user is able to log on to the application without being prompted for a password.

I would like to know how you would implement it.

OE 11.7+


Well-Known Member
There are a lot of different answers - and most likely none might fit your requirements ...

In addition to 2FA we are also required to perform location-aware access control. For example, when a user crosses borders, he might still need access to one of our applications, but due to regulation certain data must not be visible across the border.

Nevertheless - we use 2FA with smartcards (SSL client certificates residing on those smartcards, to be precise). When the users log on to a Windows system, they need to do so by putting their smartcard into the smartcard reader and entering the PIN. During a successful logon the SSL client certificate residing on the smartcard gets copied into the Windows certificate store. Next, any application can fetch it from the Windows certificate store and present it to any protected backend resource during the SSL handshake.

Our web servers are utilizing a plug-in based on CA's SiteMinder which authenticates the SSL client certificate and enriches the HTTP headers (alternatively creating an ASN.1 token) with the user's identity and the location information. These HTTP headers are then picked up by our authentication service running on WebSpeed, which returns a serialized client principal object to the client application to be used to authenticate against the database.

Of course, this is a very specific implementation which we have had in place now for several years. But it might give you an idea of which questions to ask.


Well-Known Member
Forgot to add: I use .NET objects for the certificate fetching and the HTTP request from the ABL GUI client ...

The ABL, unfortunately, does not and maybe never will support SSL client certificates on socket connections. That's the reason for the .NET objects.
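
The last step of the flow described in this thread, where the authentication service returns a serialized client-principal that the client then uses against the database, can be written with the ABL client-principal API as below. This is an added example, not the poster's code: the procedure names, the "location" property name, the 8-hour lifetime, and the passing of header values and the domain access code as parameters are assumptions, and the .NET certificate fetch and HTTP transport are not shown.

```abl
/* Added example. Assumes the connected database has a security domain
   (pcDomain) whose access code is pcKey; all names are hypothetical. */

/* Authentication service side: build, seal and serialize the principal
   from the identity and location the web server plug-in supplied. */
PROCEDURE issuePrincipal:
    DEFINE INPUT  PARAMETER pcUser     AS CHARACTER NO-UNDO. /* identity header value */
    DEFINE INPUT  PARAMETER pcLocation AS CHARACTER NO-UNDO. /* location header value */
    DEFINE INPUT  PARAMETER pcDomain   AS CHARACTER NO-UNDO.
    DEFINE INPUT  PARAMETER pcKey      AS CHARACTER NO-UNDO. /* domain access code */
    DEFINE OUTPUT PARAMETER prToken    AS RAW       NO-UNDO.

    DEFINE VARIABLE hCP AS HANDLE NO-UNDO.

    /* Issue nothing when no authenticated identity or location arrived. */
    IF pcUser = ? OR pcUser = "" OR pcLocation = ? OR pcLocation = "" THEN
        RETURN ERROR "Missing identity or location".

    CREATE CLIENT-PRINCIPAL hCP.
    ASSIGN
        hCP:USER-ID                    = pcUser
        hCP:DOMAIN-NAME                = pcDomain
        hCP:SESSION-ID                 = GUID(GENERATE-UUID)
        hCP:LOGIN-EXPIRATION-TIMESTAMP = ADD-INTERVAL(NOW, 8, "hours").

    /* Properties must be set before sealing; the seal then covers them. */
    hCP:SET-PROPERTY("location", pcLocation).
    hCP:SEAL(pcKey).

    prToken = hCP:EXPORT-PRINCIPAL().  /* serialized form sent to the client */
    DELETE OBJECT hCP.
END PROCEDURE.

/* GUI client side: restore the principal and assert it on the database.
   The client never holds the access code; the database validates the seal. */
PROCEDURE applyPrincipal:
    DEFINE INPUT  PARAMETER prToken    AS RAW       NO-UNDO.
    DEFINE OUTPUT PARAMETER pcLocation AS CHARACTER NO-UNDO.

    DEFINE VARIABLE hCP AS HANDLE NO-UNDO.

    CREATE CLIENT-PRINCIPAL hCP.
    hCP:IMPORT-PRINCIPAL(prToken).

    IF NOT SET-DB-CLIENT(hCP) THEN DO:
        DELETE OBJECT hCP.
        RETURN ERROR "Database rejected the client-principal".
    END.

    /* Location travels inside the sealed principal for data filtering. */
    pcLocation = hCP:GET-PROPERTY("location").
END PROCEDURE.
```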