GAS 3.20 new features

A summary of new features and changes in functionality introduced with Genero Application Server (GAS) 3.20.

Important: This page covers only those new features introduced with the Genero Application Server version specified in the page title. Check prior new features pages if you migrate from an earlier version. Make sure to also read the upgrade guide corresponding to this Genero version.

Corresponding upgrade guide: GAS 3.20 upgrade guide.

Previous new features guide: GAS 3.10 new features.

Table 1. Engine and Architecture
Overview Reference
The dispatcher configuration is enhanced to listen for incoming requests on a dedicated IP address. The address is specified by the LISTEN element. See LISTEN
With TCP_ADMIN_PORT you can specify a port for GAS administration tasks. See TCP_ADMIN_PORT
With END_URL you can specify a URL that the user agent redirects to when your Web application ends. See END_URL
The CACHE_CONTROL_MAX_AGE element allows you to specify the duration files sent by the GAS are held in front-end cache. See CACHE_CONTROL_MAX_AGE
The ENVIRONMENT_VARIABLE element has a Concat attribute, which allows you to manage how inherited parent configuration settings are handled; appended, prepended, or discarded. See ENVIRONMENT_VARIABLE
The gasadmin session command is enhanced with the --close-session and --close-all-sessions options. This provides for closing sessions gracefully, without displaying messages to the user agent. See gasadmin tool.
The following gasadmin commands are enhanced with list options:
  • gasadmin config --list lists all applications and services (not just the deployed ones) found in the GAS.
  • gasadmin gbc --list lists also all static and deployed GBC found.
See gasadmin tool.
Starting at 3.20.07
You can start the httpdispatch and fastcgidispatch dispatchers with an -s option to read override (-E) commands from a file. The option --dump-command can be used to verify the resulting command. See
Starting at 3.20.14
You can set the httpdispatch and fastcgidispatch dispatchers to write their process-ids to a file on disk with the --pid-file option of the command. See
The $(res.dir.separator) resource allows you to specify directory paths for all platforms in the same configuration. It resolves to either a forward slash "/" on a UNIX™-like system including macOS™ or a backward slash "\" on a Windows® system. No additional reference.
Starting at 3.20.19
The following gasadmin commands are enhanced:
  • The gasadmin session --list-sessions command is enhanced to display fglrun process ids started in the current session by the uaproxy or gwsproxy.
  • The gasadmin --version command now includes the date and time of when the GAS package was built.
See gasadmin tool.
Starting at 3.20.20
One license consumed per browser:

All applications started from the same browser count as one for licensing purposes, and therefore only one license is used.

See Genero front-ends and license counting
Starting at 3.20.21
On Unix-like platforms you can use systemd to manage the GAS dispatchers. You can perform various management tasks, such as starting and stopping the dispatcher, using systemctl commands. Templates for configuring GAS systemd are provided in FGLASDIR/systemd/
Warning:

The systemd feature is available on Linux® only.

See Systemd service template
Table 2. Web Services and the GAS
Overview Reference
With DELEGATE_OPTIONS you can specify whether to send the body or just HTTP headers for a service using delegation. See DELEGATE_OPTIONS (for a service)
Starting at 3.20.13
GIP authentication and access service security cookie updated with SameSite="Strict". See SameSite attribute is now recommended when setting HTTP cookies
Starting at 3.20.18
The GAS supports HTTP/2 requests when configured in the Web server. HTTP/2 is the default protocol when installing a Web server configured for HTTPS. See:
Table 3. Single Sign-On (SSO) and delegation
Overview Reference
Genero Identity Provider (GIP) integration to the GAS, ready to use with minimal settings. This will bring authentication and authorization mechanism to your apps. See Identity Provider (IdP).
The DELEGATE element provides a feature that allows a user to be logged out of the authentication server when a Web application is closed.
  • For OpenID Connect two new parameters are added for this configuration, IDP_LOGOUT_URL and SIGN_OFF.
  • For SAML authentication the log-out behavior is specified in the SIGN_OFF parameter.
See:
The DELEGATE element provides support for OAuth2 SSO authentication as used by identity providers (IdP) such as Facebook and Instagram.
  • There are enhancements to the ImportOAuth tool command. It supports parsing of its command-line arguments with getopt.
See OpenID Connect support for OAuth2 and The ImportOAuth program
The OpenID Connect service has three possible ways of authentication redirect: via an HTML submit form using GET or Post, or using the default HTTP 302. See Configure OAuth redirect with automatic form submit
The GetToken, DeployGar, and DeployGbc are command line tools for working with the GIP. They follow the FGL default for command options using getopt. See
The ImportIdP tool for managing SAML identity providers supports parsing of its command-line arguments with getopt. See The ImportIdP program
Starting at 3.20.14
The command tools GetToken, DeployGar, and DeployGbc can be run from a script set in the PATH environment. See
Use the oidc.oauth.request.format configuration entry to define the protocol format to use during OAuth code to ID token exchange. See Set exchange format for OAuth
The --keys option of ImportOAuth tells the OpenIDConnectService provider where to fetch the OAuth public keys, to validate the ID tokens before granting access to a Genero Application. See The ImportOAuth program.
By default, the OpenID Connect service performs the exchange of tokens for OAuth authentication in url-encoded format but you can configure this for JSON. See Set exchange format for OAuth
The oidc.app.start.mode configuration entry of the OpenidConnectServiceProvider service defines how the identity of the client is verified before starting the application. You can configure "gnonce" (genero number once) or a cookie. See Configure application starting mode
Starting at 3.20.20
The OpenID Connect service of FGLGWS has enhancements to how scopes are exchanged. The Genero Identity Provider (GIP) follows the standard RFC 8693 as the default method when creating OAuth ID and access tokens with the scope parameter. See Support for RFC 8693 in the Genero Identity Provider (GIP) creation of OAuth ID and access tokens with scopes
Table 4. Deployment
Overview Reference
The GAS allows you to provide your GBC client in the application path's gbc directory. See Provide GBC in application path.
The GIP Deployment App provides you with an interface to manage Genero Archives, and Genero Browser Clients deployed on the Genero Application Server (GAS). It replaces the legacy deployment portal web service.
  • There are enhancements to the GBC deployment page to display a list of static GBC found via the as.xcf GBC_LOOKUP_PATH.
See Deploying and securing applications and Web services and Set default GBC client with the Genero Deployment App
Note:

The new features listed in this topic are available in the latest version of the GAS. Contact your support channel for more details.