Single sign-on (SSO) / OpenID SSO and the Genero Application Server |
Authorize whether an user already authenticated by OpenID SSO can access a Genero application.
An external program to serve as the authorization application. This external program can be written in Genero, however it does not have to be written in Genero.
The authorization program expects two mandatory arguments and the list of OpenID attributes received from the OpenID provider.
Examples of parameters passed to a 4GL authorization program:
fglrun AccessProgram genero-user.pip.verisignlabs.com "qa-test/application" "fullname" "genero test" "email" "genero@4js.com" "country" "France"
The application AccessProgram.4gl in $FGLDIR/web_utilities/services/openid provides an example of an authorization application written in Genero.
With the Genero OpenID implementation, you can specify an external program to determine whether an already authenticated user can access a Genero Web application.
If the AUTHORIZATION tag is not defined, any user authenticated by an OpenID provider can access the Genero Web application. It is recommended that you add an authorization program.