Quick start: Set up OpenID Connect in the GAS

Follow these steps to quickly set up OpenID Connect for your Genero Application Server and Genero Web Client applications.

1. Add OpenID Connect SSO to a Genero Web Client application requiring SSO.
   1. Add the DELEGATE element to all Genero Web Client applications requiring SSO

      The first three parameters are mandatory:

      • IDP : the provider of the IdP account (e.g. https://accounts.google.com)
      • CLIENT_PUBLIC_ID : the OAuth2 public ID provided by the IdP
      • CLIENT_SECRET_ID : the OAuth2 shared secret ID provided by the IdP
      • SCOPE : (optional) the OpenID Connect attributes you want to get from the user at time of authentication (e.g. email, phone, address).

      <APPLICATION Parent="defaultgwc">
            <EXECUTION>
              <PATH>$(res.path.mypath)/myapplication</PATH>
              <MODULE> myapp.42r</MODULE>
              <DELEGATE service="services/OpenIDConnectServiceProvider">
                <IDP>https://accounts.google.com</IDP>        
                <SCOPE>email</SCOPE>        
                <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
                <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>        
              </DELEGATE>
            </EXECUTION>
          </APPLICATION>        

2. Execute a Genero Web Client application with SSO.
   1. Start your browser and enter the application URL. You are prompted to enter your OpenID Connect credentials.
   2. Click the sign in button. Your browser is redirected to the Identity Provider (IdP).
   3. Enter your credentials. If your credentials are valid, your browser is redirected to the Genero Web Client application. The application can then get OpenID Connect user information through environment variables such as OIDC_SUB.
      Note: The fglrun process is executed in the context of the GAS operating system user. For example, when using Apache, the program process will run in the context of the Apache user.