Welcome
Developing
Developing EGL applications
Enterprise Generation Language (EGL) is a programming language that you can use to focus on business problems instead of software technologies. Within the Rational® development environment, you can use EGL wizards and other tools to write complex applications with minimal effort.
EGL Programmer's Guide
The EGL Programmer's Guide covers using EGL within the Eclipse Integrated Development Environment (IDE), as well as some of the common programming tasks that EGL developers perform.
Services: a top-level overview
The topics in this section describe service-oriented architecture (SOA) and related technologies, EGL support for SOA, and service-related procedures, with an emphasis on service access. For details about deployment, see “Introduction to EGL generation and deployment” and “Add web-service deployment entries in the EGL deployment descriptor.”
EGL Support for SSO
Single Sign-On (SSO) is an authentication process that enables users to access multiple applications with a single set of credentials. This enhances security and user experience by reducing password fatigue and ensuring centralized access control.
SSO for IBD Rest and Keycloak
Single Sign-On (SSO) is an authentication mechanism that enables users to log in once and access multiple applications without repeatedly entering credentials. By centralizing authentication, SSO enhances both security and user experience.

Overview
Getting started
Installing
Upgrading and migrating
EGL Code Accelerator for IBD
Developing
- Model driven development of EGL code
- Generating source code from UML models
  You can use transformations to create source code from a UML model. First you must create a transformation parameters file and then apply those parameters to a model.
- Generating the EGL Dependency Graph from EGL projects
- Generating Source Code from OpenAPI Documents
- Developing EGL applications
  Enterprise Generation Language (EGL) is a programming language that you can use to focus on business problems instead of software technologies. Within the Rational® development environment, you can use EGL wizards and other tools to write complex applications with minimal effort.
  - How to use this documentation
  - Additional information about EGL
    The most recent EGL documentation is in the IBM Business Developer documentation.
  - EGL Programmer's Guide
    The EGL Programmer's Guide covers using EGL within the Eclipse Integrated Development Environment (IDE), as well as some of the common programming tasks that EGL developers perform.
    - Introduction
      These topics explain the fundamentals of using EGL in the Eclipse IDE, as well as changes to the EGL language and IDE in this version.
    - Contents of an EGL application
      EGL applications contain projects, packages, folders, and files.
    - Properties
      Properties set specific options for parts. In general, you specify the properties when you create the part and then the properties are static. In certain circumstances, however, it is possible to change a property dynamically.
    - Annotating EGL Applications
      EGL developers can annotate their applications to indicate the version, authors as well as a general description.
    - Import and use statements
      Use the EGL import and use statements to expand the visibility of code elements.
    - Working with EGL code
    - Accessing data with EGL code
    - Transfer of control across programs
    - Developing segmented programs in EGL
      Different runtime environments have different considerations for developing segmented programs.
    - Developing EGL programs for the IMS™ environment
    - Developing EGL programs for the CICS® environment
      There are specific design and development considerations when creating EGL programs for CICS® for z/OS® and CICS for VSE.
    - Developing EGL programs for the VSE environment
      IBM Business Developer provides a Generation for VSE feature that you can use to generate EGL as COBOL source for the z/VSE® environment.
    - Developing programs for iSeriesC
      You can deploy EGL-generated COBOL programs targeted for the IBM® i environment.
    - Overview of EGL Logging for Java Application
    - Overview of EGL Rich UI
    - Services: a top-level overview
      The topics in this section describe service-oriented architecture (SOA) and related technologies, EGL support for SOA, and service-related procedures, with an emphasis on service access. For details about deployment, see “Introduction to EGL generation and deployment” and “Add web-service deployment entries in the EGL deployment descriptor.”
      - Service-oriented architecture (SOA)
        Service-oriented architecture (SOA) is a way of organizing software. To learn about SOA, see the following sections:
      - EGL support for SOA
        EGL provides two kinds of support for service-oriented architecture (SOA): service development and service access.
      - EGL Support For REST
      - EGL Support for SSO
        Single Sign-On (SSO) is an authentication process that enables users to access multiple applications with a single set of credentials. This enhances security and user experience by reducing password fatigue and ensuring centralized access control.
        SSO using Kerberos (for IBM i Systems)
        SSO for IBD Rest and Keycloak
        Single Sign-On (SSO) is an authentication mechanism that enables users to log in once and access multiple applications without repeatedly entering credentials. By centralizing authentication, SSO enhances both security and user experience.
        Installing Keycloak and PostgreSQL
        Configuring Keycloak
        Enabling SSO for IBD REST
        To enable Single Sign-On (SSO) for EGL REST services, create an EGL REST service project and configure the required properties at the build descriptor level.
        Enabling SSO for IBD REST with Spring Framework support
        To enable Single Sign-On (SSO) for EGL REST services with Spring Framework, create an EGL REST service project and configure the required properties at the build descriptor level and deploy the application.
        Accessing APIs (services)
        You must first acquire an access token (JWT token) from Keycloak.
        Fetch access token from the EGL RUI
        This section explains how to securely fetch an access token (JWT) from Keycloak using EGL REST in an EGL Rich UI (RUI) application.
      - Creating a service to call a program
        If you have a called program in your project, you can create a Service part to call that program.
      - Spring Framework for EGL REST Services
      - Accessing a service
        In EGL, you can access several different types of services. To learn the access procedures, see the links in the following table.
      - Setting preferences for service generation
        You can specify how your services are generated.
      - Creating a WSDL file to preview
        You can create a WSDL file from a Service part to preview the file that will be generated for that part.
    - Generating source code from UML models
      You can use transformations to create source code from a UML model. First you must create a transformation parameters file and then apply those parameters to a model.
    - Building EGL Text User Interface applications
      A Text UI application presents a text-based user interface similar to that of a 5250 or 3270 terminal.
    - Creating reports with EGL
      EGL offers different ways to create reports, using external engines to generate the report contents.
    - Working with web transaction applications in EGL
    - Debugging EGL applications
    - EGL Unit Testing
    - z/OS Connect
  - EGL Generation Guide
    The EGL Generation Guide covers the process of converting EGL code to Java™ or COBOL source code, including the processes and the files involved. This section is intended for a developer who will generate or deploy EGL applications.
  - EGL Language Reference
    The EGL Language Reference covers the fundamental use of the language, including its concepts, syntax, and keywords. This volume is intended for a developer writing EGL applications with some experience in procedural programming.
  - Rational® COBOL Runtime Guide for zSeries®
    This manual provides information about customizing and administering the IBM® Rational® COBOL Runtime.
  - IBM Business Developer EGL Server Guide for IBM® i
    This manual provides information about customizing and administering EGL Server for IBM® i on the host.
  - Generation for VSE Feature Reference
    This reference manual provides z/VSE-specific information about developing and generating EGL programs in the VSE environment.
- Source code analysis with code review
  With code review, you can create configurations of coding rules for EGL source code. You can then run the configurations to check the source code for consistency with the rules.
- Responsive Design Support in IBD
  What is Responsive Design? Responsive design is an approach for creation of web pages that automatically scales its content and elements to match the screen size on which it is viewed. So, instead of designing multiple websites for different devices with variable screen sizes, we can design just one website that scales up or down automatically, to match the device it’s being viewed on.
- Containerizing an EGL RUI Application
Samples
Troubleshooting and support
EGL runtime error messages
Reference
Glossary
Using the help
Notices for IBM Business Developer documentation

SSO for IBD Rest and Keycloak

Single Sign-On (SSO) is an authentication mechanism that enables users to log in once and access multiple applications without repeatedly entering credentials. By centralizing authentication, SSO enhances both security and user experience.

Keycloak

Keycloak is an open-source Identity and Access Management (IAM) solution with authentication and authorization capabilities. It supports SSO using protocols like OAuth 2.0, OpenID Connect (OIDC), and SAML. Keycloak can authenticate users and issue JWTs (JSON Web Tokens), which are then used to authorize API requests.

Role-Based Access Control (RBAC) in Keycloak

Keycloak allows defining roles and assigning them to users. APIs in the Spring Boot application can be categorized as:

Public APIs – Accessible without authentication.
Secure APIs – Require a valid JWT and are restricted based on user roles.

Flow of SSO Authentication with Keycloak & JWT

The authentication flow with Keycloak and JWT works as follows:

The user logs in to Keycloak with their credentials.
Keycloak validates the credentials and generates an access token (JWT).
When requesting the Spring Boot application, the user includes this JWT in the Authorization header.
The Spring Boot application verifies the JWT.
The application extracts user roles from the token.
Access is granted or denied based on RBAC policies.