Add OpenID Connect SSO to Genero Web application

Follow these steps to add OpenID Connect SSO to a Genero Web application.

This task must be performed in the .xcf application configuration file for the Genera Application Server.

Add <DELEGATE service="services/OpenIDConnectServiceProvider"> to the application configuration (.xcf) file.

Add the DELEGATE tag to all Genero Web Client applications requiring Single sign-on (SSO), plus the following 3 mandatory parameters :

IDP : the IdP account (e.g. https://accounts.google.com)
CLIENT_PUBLIC_ID : the OAuth2 public id from the IdP
CLIENT_SECRET_ID : the OAuth2 shared secret id from the IdP
SCOPE : (optional) the OpenID Connect attributes you want to get at authentication (e.g. email, phone, address)

<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/2.50/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
      <DELEGATE service="services/OpenIDConnectServiceProvider" >
          <IDP>https://accounts.google.com</IDP>        
          <SCOPE>email</SCOPE>        
          <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
          <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>        
      </DELEGATE>
  </EXECUTION>
</APPLICATION>

With the above configuration and default GAS configuration, the delegation will point to the $FGLDIR/web_utilities/services/OpenIDConnectServiceProvider.xcf file.

For more information about the DELEGATE configuration element, see DELEGATE.

The Genero Application Server will handle the OpenID Connect protocol and start the Genero web application only when the user has been authenticated, otherwise an HTML error page is returned.