Delegation use cases

Three examples of possible uses for the delegation mechanism.

Simple local authentication / authorization mechanism

You can develop a simple delegation service to authenticate and authorize users to access one or several applications on the Genero Application Server.

The delegation service will respond to the request with an HTML form, asking for a user name and password. In this case, HTTPS is required; otherwise the login and password will be sent in clear text.

A request with user name and password parameters will be processed by the delegation service. The service will check for the user name and password in its attached database. If the user name and password are correct, a digest will be created, stored in the database, and sent back to the user agent in a cookie. The delegation service will instruct the user agent to delegate on the same URL (so the user agent will use its newly set cookie).

A request with a cookie will be processed by the delegation service. The cookie will be checked in the database. The corresponding user id, as well as the user role (administrator, user, guest, and so on), will be set as application parameters and the Genero Application Server will be instructed to allow the launch of the application.

A simple local authentication / authorization mechanism is provided in the Genero Application Server tutorials.
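The credential check and the cookie check described above, sketched as an added example in Python (not Genero BDL, and not the tutorial's or the product's code). The cookie name `gas_session`, the table layout and `SESSION_TTL` are assumptions. As a variation on the text, the cookie carries a random token and the database keeps only its SHA-256 digest, so a leaked session table cannot be replayed; the hand-off of user id and role to the Genero Application Server is not shown.

```python
import hashlib, hmac, secrets, sqlite3, time

SESSION_TTL = 900  # seconds; assumed lifetime, the page does not specify one

def open_db():
    # Stand-in for the delegation service's attached database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB, role TEXT)")
    db.execute("CREATE TABLE sessions(digest TEXT PRIMARY KEY, name TEXT, expires REAL)")
    return db

def _pwhash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(db, name, password, role):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?,?,?,?)", (name, salt, _pwhash(password, salt), role))

def login(db, name, password, now=None):
    """Request with user name and password: return a Set-Cookie value, or None."""
    now = time.time() if now is None else now
    row = db.execute("SELECT salt, pwhash FROM users WHERE name=?", (name,)).fetchone()
    # Hash even for unknown users so response time does not reveal valid names.
    salt, stored = row if row else (b"\0" * 16, b"")
    if not hmac.compare_digest(_pwhash(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)          # unguessable value held by the user agent
    digest = hashlib.sha256(token.encode()).hexdigest()
    db.execute("INSERT INTO sessions VALUES (?,?,?)", (digest, name, now + SESSION_TTL))
    # Secure keeps the cookie off plain HTTP; HttpOnly hides it from page scripts.
    return f"gas_session={token}; Secure; HttpOnly; SameSite=Strict; Path=/"

def check_cookie(db, cookie_header, now=None):
    """Request with a cookie: return (user id, role), or None to refuse the launch."""
    now = time.time() if now is None else now
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == "gas_session":
            digest = hashlib.sha256(value.encode()).hexdigest()
            return db.execute(
                "SELECT u.name, u.role FROM sessions s JOIN users u ON u.name = s.name "
                "WHERE s.digest=? AND s.expires>?", (digest, now)).fetchone()
    return None
```

A `None` from `check_cookie` covers missing, forged and expired cookies alike, so the service can fall back to the login form in all three cases.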

Authentication / authorization SSO mechanism

You can develop a delegation service to authenticate and authorize users to access one or more applications on the Genero Application Server, based on standard SSO services such as OpenId or SAML.

The delegation service responds to a simple request with a delegation to the SSO service, with a reference to the requested application.

A request with a cookie will be processed by the delegation service. The cookie will be checked by the SSO service (the means depend on the SSO protocol). The corresponding user id and user role (as allowed by the SSO protocol) will be set as application parameters and the Genero Application Server will be instructed to allow the launch of the application.

OpenId and SAML services, ready to be used, are provided in the demos located at FGLDIR\web_utilities\services.

Monitoring or logging requests for a Genero Web service

You can develop a simple delegation service to monitor and log all requests to a given service. Each request can be logged in a dedicated database by the delegation service. The Genero Application Server can then be instructed to pass the request to the GWSProxy.