Single sign-on (SSO) / SAML SSO and the Genero Application Server
Determine whether a user already authenticated by SAML SSO is authorized to access a Genero application.
This requires an external program to serve as the authorization application. The program can be written in Genero, but it does not have to be.
The authorization program expects two mandatory arguments and the list of SAML attributes received from the Identity Provider (IdP).
Example of the parameters passed to a Genero authorization program:
fglrun AccessProgram AZEd3R4 "qa-test/application" "fullname" "genero test" "email" "genero@abc.com" "country" "France"
The application AccessProgram.4gl in $FGLDIR/web_utilities/services/saml/src provides an example of an authorization application written in Genero.
With a SAML SSO implementation, you can specify an external program to determine whether an already authenticated user can access a Genero Web application.
If the AUTHORIZATION tag is not defined, any user authenticated by a SAML provider can access the Genero Web application. If the application should not be available to all users registered in the SAML IdP, you should add an authorization program and implement rules in it to filter access.
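The following sketch of a non-Genero authorization program is an added example, not the shipped AccessProgram.4gl or any Four Js code. It parses the argument layout shown above and denies access by default. Assumptions: the two mandatory arguments are treated as a user identifier and an application path, the POLICY rules are hypothetical, and the decision is reported through the exit status (0 grants, non-zero denies); check AccessProgram.4gl for the convention your GAS version expects.

```python
import sys

# Hypothetical policy: application path -> allowed attribute values.
# Applications not listed here are denied (default deny).
POLICY = {
    "qa-test/application": {"country": {"France"}, "email_domain": {"abc.com"}},
}


def parse_args(argv):
    """Split the arguments into (user_id, app_path, attributes)."""
    if len(argv) < 2:
        raise ValueError("missing mandatory arguments")
    user_id, app_path, rest = argv[0], argv[1], argv[2:]
    if len(rest) % 2:
        raise ValueError("attribute list is not name/value pairs")
    attrs = {}
    for name, value in zip(rest[0::2], rest[1::2]):
        attrs.setdefault(name, []).append(value)  # keep repeated names
    return user_id, app_path, attrs


def is_authorized(argv):
    """Return True only when every check passes; anything unexpected denies."""
    try:
        _user_id, app_path, attrs = parse_args(argv)
    except ValueError:
        return False
    rule = POLICY.get(app_path)
    if rule is None:
        return False
    countries, emails = attrs.get("country", []), attrs.get("email", [])
    if len(countries) != 1 or len(emails) != 1:
        return False  # missing or repeated attribute is ambiguous: deny
    local, sep, domain = emails[0].rpartition("@")
    if not (local and sep and domain):
        return False
    return countries[0] in rule["country"] and domain.lower() in rule["email_domain"]


if __name__ == "__main__":
    # Assumption: exit status 0 grants access and non-zero denies it.
    sys.exit(0 if is_authorized(sys.argv[1:]) else 1)
```

Malformed input, an unlisted application, and a missing or repeated attribute all result in denial, so a parsing surprise cannot turn into access.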