Follow these steps to retrieve additional attributes about user identity when
authenticating to an OpenID provider.
As a prerequisite, identify which identity attributes are supported by the OpenID
provider (i.e. the identity provider - IDP). The Genero OpenID Single sign-on (SSO)
implementation automatically detects which attribute exchange protocol is
supported.
There are two kinds of attribute exchange protocols:
- OpenID Simple Registration Extension (default for Genero)
- OpenID Attribute Exchange (used if default is not available)
- Specifications
- List of attributes are specific to an OpenID provider and must be
mapped to a single name in the configuration file of the Genero
OpenID implementation.
Complete this procedure to retrieve additional attributes about your identity when
authenticating to an OpenID provider. For example, you can retrieve the email, full
name, or country of the user.
-
Add an ATTRIBUTES element as a child of the OpenID
DELEGATE element in the application configuration
(xcf) file. Provide a comma-separated list of OpenID
attributes within the ATTRIBUTES element.
In this example, the email, fullname, and
country openid attributes are specified.
<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/2.50/cfextwa.xsd">
<EXECUTION>
<PATH>$(res.path.qa)/applications/myapp</PATH>
<MODULE>App.42r</MODULE>
<DELEGATE service="services/OpenIDServiceProvider">
<ATTRIBUTES>email,fullname,country</ATTRIBUTES>
</DELEGATE>
</EXECUTION>
</APPLICATION>
-
To retrieve the OpenID attributes in your Genero application, add a
fgl_getenv() call for each attribute specified in the XCF
file with a prefix of OPENID_.
LET email = fgl_getenv("OPENID_email")
LET fullname = fgl_getenv("OPENID_fullname")
LET country = fgl_getenv("OPENID_country")
The Genero application retrieves the requested identity attributes.