| How to implement Single sign-on (SSO) / OpenID SSO | |
Use the realm parameter to define specific domains for a set of applications.
By default, the OpenID Connect Single sign-on (SSO) service is launched with a realm parameter set to auto. All applications using this OpenID service are authenticated by the OpenID provider as coming from the same domain, and thus only require one authentication process for all of them.
The realm parameter can be changed from auto to an exact domain name (such as www.4js.com:6394/gas):
<EXECUTION>
...
<PATH>$(res.path.fgldir.services)/openid/bin</PATH>
<MODULE>OpenIDServer -realm www.mycompany.com:6394/gas -logPath "$(res.appdata.path)"</MODULE>
...
</EXECUTION>
When using an exact domain name, ensure that all URLs for accessing your Genero Web applications have that form, otherwise you will get an OpenID error message.
To force the OpenID authentication login for any application executed by the GAS, remove the realm parameter from the $FGLDIR/web_utilities/services/OpenIDServiceProvider.xcf file. The end user will then be requested for credentials for any single application, even if they use the same OpenID service.