Follow these steps to quickly set up OpenID Single sign-on (SSO) for your Genero
Application Server and Genero Web Client applications.
In this quick start, you add OpenID Single sign-on (SSO) to a Genero Web Client
application, then execute the application with SSO.
- Add OpenID SSO to a Genero Web Client application.
  - Add the DELEGATE element to all Genero Web Client applications requiring
    SSO.
      <APPLICATION Parent="defaultgwc">
        <EXECUTION>
          <PATH>$(res.path.mypath)/myapplication</PATH>
          <MODULE>myapp.42r</MODULE>
          <DELEGATE service="services/OpenIDServiceProvider" />
        </EXECUTION>
      </APPLICATION>
  - Add a PROVIDER element to indicate which identity provider to use for the
    application.
      <APPLICATION Parent="defaultgwc">
        <EXECUTION>
          <PATH>$(res.path.mypath)/myapplication</PATH>
          <MODULE>myapp.42r</MODULE>
          <DELEGATE service="services/OpenIDServiceProvider">
            <PROVIDER>google.com</PROVIDER>
          </DELEGATE>
        </EXECUTION>
      </APPLICATION>
    If a provider is not defined, a page with the list of available ID providers
    is displayed.
- Execute a Genero Web Client application with SSO.
  - Start your browser and enter the application URL.
    You are prompted to enter your OpenID.
  - Click the sign-in button.
    Your browser is redirected to the OpenID provider.
  - Enter your credentials.
    If your credentials are valid, your browser is redirected to the Genero Web
    Client application. The application can then get OpenID user information
    through environment variables such as OPENID_CLAIMED_ID.
Note: The fglrun process is executed in the context of the GAS operating system
user. For example, when using Apache, the program process will run in the context of the apache
user.
The next time you start the same application - or any application delivered by the same
Genero Application Server - you will not be prompted for your credentials. The application will
start and get the same OpenID user information.
Tip: Read all of the OpenID topics in the
Genero Application Server User Guide for details on features provided by OpenID SSO support in the
Genero Application Server, including attribute gathering and authorization control.
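Because the DELEGATE element must be added to every application requiring SSO, a configuration check helps catch one that was missed. The following is an added example, not part of the Genero documentation: it assumes the element layout shown above, inspects only each APPLICATION element itself (not settings inherited through Parent), and uses a constructed sample with a hypothetical APPS wrapper and invented module names.

```python
import xml.etree.ElementTree as ET

SSO_SERVICE = "services/OpenIDServiceProvider"  # DELEGATE service value shown on this page

# Constructed sample: three application definitions under a hypothetical <APPS>
# wrapper so they fit in one string. Module names are invented for illustration.
SAMPLE = """
<APPS>
  <APPLICATION Parent="defaultgwc">
    <EXECUTION>
      <PATH>$(res.path.mypath)/myapplication</PATH>
      <MODULE>public.42r</MODULE>
    </EXECUTION>
  </APPLICATION>
  <APPLICATION Parent="defaultgwc">
    <EXECUTION>
      <PATH>$(res.path.mypath)/myapplication</PATH>
      <MODULE>choose.42r</MODULE>
      <DELEGATE service="services/OpenIDServiceProvider" />
    </EXECUTION>
  </APPLICATION>
  <APPLICATION Parent="defaultgwc">
    <EXECUTION>
      <PATH>$(res.path.mypath)/myapplication</PATH>
      <MODULE>myapp.42r</MODULE>
      <DELEGATE service="services/OpenIDServiceProvider">
        <PROVIDER>google.com</PROVIDER>
      </DELEGATE>
    </EXECUTION>
  </APPLICATION>
</APPS>
"""

def audit(xml_text):
    """Map each application's MODULE to 'no-sso', 'sso:any' or 'sso:<provider>'."""
    results = {}
    for app in ET.fromstring(xml_text).iter("APPLICATION"):
        module = app.findtext("EXECUTION/MODULE", default="?").strip()
        delegate = app.find("EXECUTION/DELEGATE")
        if delegate is None or delegate.get("service") != SSO_SERVICE:
            results[module] = "no-sso"  # started without the OpenID delegate
            continue
        provider = (delegate.findtext("PROVIDER") or "").strip()
        # No PROVIDER: the user picks from the list of available ID providers.
        results[module] = "sso:" + (provider or "any")
    return results

if __name__ == "__main__":
    for module, status in audit(SAMPLE).items():
        print(f"{module:12} {status}")
```

Any application reported as no-sso starts without authentication through the OpenID service and should be reviewed against the list of applications that require SSO.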