SSO, can be achieved in some different ways. It can work over OAuth2, NTLM, Kerberos, SAML and so on. In different projects, I have used Kerberos/NTLM and OAuth2. But real SSO was only with Kerberos. And when you already have LDAP Auth in your application, it will be quite easy to add SSO. But also depends on which OS and which WEB server you have. On Windows much easier to start with IIS while so difficult to find a working module for Apache. On Linux there is also could be a problem to find the latest version of the module which will work with the latest version of apache. But when you will manage to get it worked on web-server side, on Caché side, almost nothing to do left. When you get first unauthorized request, you should return back with status 401, and say which method of authentication you need through header WWW-Authenticate: NTLM. Then if web server managed to get username, it will send it by header REMOTE_USER. Of course, you will not get password, you just use this username and authorize session. 

If your server on windows, you have two connection options. 

  • Terminal. Available only locally, and can use windows security. Enabled by default.
  • Telnet. Used to connect from outside. Disabled by default (you can activate this service in SMP.). After enabling, you can connect using terminal or any other tool by default port 22.

If your server on Linux. You have only one option is csession or irissession tool which works only locally to the server. For remote access you should use ssh or telnet. But you can't configure telnet from Cache. You should do it by yourself.

How Caché works with licenses, actually very interesting and sometimes quite difficult to understand, but it is possible to find a balance for everybody. Fortunately, at the same time, it has actually some tricks on how to turn it on your side.

The first important thing is every time when user login, you should log in the user not only in security but license as well. In this case, if the user uses the same IP address will be used the license unit.

In your case, I'm not even sure about forcing log out, do you really need it? You mentioned that your application still web, and does not matter is at wrapped as an application or opened right from the browser. You should have the same behaviour. So, you can reduce timeout for the session, add some timer which will ping the server from time to time when app is active to extend session time. Sessions on the server side also have a grace period after a timeout which is 5 minutes long, in most cases enough to return back from the call.

Well,

this add-in url is

/isc/studio/templates/%25ZEN.Template.AddInWizard.SOAPWizard.cls?Namespace=USER

But when you redirect with Redirect directive, your query part dissapear. And it opens with default namespace %SYS.

To solve it you should use mod_rewrite instead with RewriteCond and RewriteRule directives. I don't give you any examples, just don't have a good place to check it. But I think I can find it.

Usually, the problem which you can face with SSL, is, how to trust self-signed certificate. In your case looks like, you have one server for development, and everybody connects to this one server. And in this case, there are two ways to make this SSL trusted,

  • if you have a domain name which publicly available, from the internet. Internal servers should not be available from outside, just only one server, where you can generate certificate with Let'sEncrypt. And you can make wildcard certificate as well. 
  • you don't have such domain name, and don't have access from outside. So, you should have own certificate server, and make by yourself. I think this way is a bit harder.

For local instances, when you need SSL only on your machine for yourself, you can use the mkcert tool and any subdomain from localtest.me (which goes to localhost) for example.

CACHE.DAT or even IRIS.DAT does not have any relation with operation system. So, you can easily move database files between instances on different OS and versions. But you should remember about data itself, like differences between 8-bit and Unicode. And code, which should be compiled for particular version but also not depends on OS.

You can find some details about database format from my articles.

Sounds wonderful.

But, I hope you don't do it from scratch and reuse some already developed components. Developing editor, from scratch is too difficult, and TDD is the last thing to do on the list. And when you say IDE, it means much more than just Editor. And is VSCode is not IDE but has a lot of possibilities already. You can look at Monaco editor, which can work in a browser, but it is also an engine for VSCode. So, it would be possible to reuse some functionality from VSCode extension.

Every debugging tied very much with an editor of code. So, the first question should be, which editor should be used. The studio already has some debugging options, Atelier, too. I'm working hard now on VisualStudio code, and they also have good ways for debugging and hope I will manage to add good debugger for VSCode as well, but not only me who can do it. George James already has their debugger and introduced their work on the same debugger in VSCode.