Deploy an application NOT using the Genero Deployment App

Deploy and secure an application without using the Genero Deployment App.

About this task

When you deploy and secure an application without using the Genero Deployment App, you must first register the app using the Genero Console App, then add the configuration information required by the Genero Application Server to start the application using the security provided by the Genero Identity Provider.

  1. Register the app in the GIP using the Genero Console App.
    1. Open the Genero Console App.
    2. Select Applications > New app or Applications > New service to service app.
      Note: The New service to service app option is not related to a Web service! It refers to a script application (an application running without an identified user and with no user interface). For example, you may have a batch process that runs nightly to gather information from different services. As there is no user or user interface, you must first register the script application and assign it scopes. The interface will return the CLIENT_ID and SECRET_ID that you will have to use in the GetToken command line tool to retrieve a valid access token with the authorized scope. The script can then use the access token to access the resources. See Automatize application deployment via scripts for an example that uses the GetToken command line tool.
      The Registering a new application form appears.
    3. In the Info section of the form, complete the fields.
      The Name must match the name of the application configuration file.
      The Client ID and Secret ID are generated for you. You will need these values later in this procedure.
      The Redirect URLs can use "localhost" when all components – the Genero Identity Provider (GIP), the User Info Profile Service, and the application – are installed on the same GAS. Otherwise, you must specify the exact callback URL where the OpenIDConnectServiceProvider is set to receive a notification from the GIP.
      Important: Input the redirect URL for a new app only. There is no redirect URL for a new service app.
    4. If you selected New app, the interface includes panels where you can select authorization scopes, required scopes, and optional scopes.
      When you select an authorization scope, any user with that authorization scope will be able to start the application. You can select multiple authorization scopes.
      Required scopes are those scopes that the user must have to successfully use the application.
      Optional scopes are those scopes that a user would need to use specific parts of the application, however a user without those scopes can still be successful using parts of the application.
    5. If you selected New service to service app, the interface includes a panel where you can select scopes.
      For a service to service app, you do not specify Authorization scopes, as these apps are not run by a user. You can only select scopes; you can select multiple scopes.
    6. Click Create.
      The app is registered.
  2. Create your app XCF using the appropriate delegate service for an application as described here: Quick start: Set up OpenID Connect in the GAS.
    The application configuration file should resemble this example:
    <?xml version="1.0" encoding="UTF-8" ?>
    <APPLICATION Parent="defaultgwc"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/3.20/cfextwa.xsd">
     <EXECUTION>
       <PATH>$(res.deployment.path)</PATH>
       <MODULE>HelloWorld.42r</MODULE>
       <DELEGATE service="services/OpenIDConnectServiceProvider">
         <IDP>localhost</IDP>
         <CLIENT_PUBLIC_ID>C4805A1E-1766-4945-BEC4-E54F115D9E24</CLIENT_PUBLIC_ID>
         <CLIENT_SECRET_ID>rv6sQN/DjNfGYcE+4wq+VVVAFwoj8u7i</CLIENT_SECRET_ID>
       </DELEGATE>
     </EXECUTION>
    </APPLICATION> 
    The <PATH> entry must point to the executable of your app, you will likely have to modify this entry.
    The OpenIDConnectServiceProvider delegation protects applications.

    The <IDP> entry of localhost is valid when everything runs on the same Genero Application Server. Otherwise, you must provide the GIP URL. For example: http://othermachine.com:6394/ws/r/services/GeneroIdentityProvider

  3. Install the application configuration file (.xcf) on the GAS without the deploymentApp, in a dedicated GAS group or in the default app group.
    For instructions on configuring applications and adding them to the GAS without the use of the deployment portal, read the topics in the section Configuring applications on GAS.
  4. Access you application; it is protected by the GIP.
    To determine the URL needed to access your application, review the topic URI Examples.