Evaluate authentication when migrating from GDC

Most GDC applications connect to the server with its user permissions and profile. As a result, the applications are run under this user identity.

When applications are deployed through GAS, they are launched as the user that started the GAS, unless the GAS is set to impersonate.

As the application user is different, this can have an impact on use of environment variables and permissions. The setting for the HOME environment variable, for example, may not be for the user you intended, and the ability to read/write files and execute sub-shells may also be affected by different user permissions.

You need to review your sources to determine how dependent you are on environment variables. If you do not already have one, it is probable that you need to add the concept of an application user to your application. You also need to consider how this user is authenticated. This may mean adding your own login/password dialog, or using SSO or Web server authentication.

In any case, it is recommended to migrate the application first on GDC over HTTP. If the application runs on the browser, no further action is required. Otherwise, depending on authentication needs, adaptations to your application may be needed.

  • Single sign-on (SSO) authentication

    The SSO authentication mechanism now works for both GDC and GBC. If you were using SSO with GDC, you can continue to use it with the GAS. For more details, see How to implement Single sign-on (SSO) in the Genero Application Server User Guide.

  • Web Server authentication

    Web servers such as Apache or Microsoft™ IIS provide simple authentication mechanisms. If you use the Web server's authentication mechanism, the login details are transmitted to Genero applications by the dispatcher in an environment variable. The user login can be retrieved from the runtime environment with the FGL instruction:

    fgl_getenv("FGL_WEBSERVER_REMOTE_USER")

    For more details, see the fgl_getenv topic in the Built-in functions chapter of the Genero Business Development Language User Guide.

  • Application login

    With an application login, there is nothing additional to do as the application handles the login.