Quick start: Set up OpenID in the GAS

Follow these steps to quickly set up OpenID Single sign-on (SSO) for your Genero Application Server and Genero Web Client applications.

Before you begin, you must Configure GAS for OpenID SSO.

In this quick start, you add OpenID Single sign-on (SSO) to a Genero Web Client application, then execute the application with SSO.
  1. Add OpenID SSO to a Genero Web Client application.
    1. Add the DELEGATE element to all Genero Web Client applications requiring SSO.
      <APPLICATION Parent="defaultgwc">
        <EXECUTION>
          <PATH>$(res.path.mypath)/myapplication</PATH>
          <MODULE>myapp.42r</MODULE>
          <DELEGATE service="services/OpenIDServiceProvider" />
        </EXECUTION>
      </APPLICATION>    
    2. Add a PROVIDER element to indicate which identity provider to use for the application.
      <APPLICATION Parent="defaultgwc">
        <EXECUTION>
          <PATH>$(res.path.mypath)/myapplication</PATH>
          <MODULE>myapp.42r</MODULE>
          <DELEGATE service="services/OpenIDServiceProvider">
            <PROVIDER>google.com</PROVIDER>
          </DELEGATE>
        </EXECUTION>
      </APPLICATION>    
      If a provider is not defined, a page with the list of available ID provides is displayed.
  2. Execute a Genero Web Client application with SSO.
    1. Start your browser and enter the application URL. You are prompted to enter your openid.
    2. Click the signin button. Your browser is redirected to the OpenID provider.
    3. Enter your credentials. If your credentials are valid, your browser is redirected to the Genero Web Client application. The application can then get OpenID user information through environment variables such as OPENID_CLAIMED_ID.
      Note: The fglrun process is executed in the context of the GAS operating system user. For example, when using apache, the program process with run in the context of the apache user.
The next time you start the same application - or any application delivered by the same Genero Application Server - you will not be prompted for your credentials. The application will start and get the same OpenID user information.
Tip: Read all of the OpenID topics in the Genero Application Server User Guide for details on features provided by OpenID SSO support in the Genero Application Server, to include attributes gathering or authorization control.