Use this procedure to configure re-log in to a Genero application authenticated by
OpenID Connect SSO after an auto logout event.
Note: The FGLGWS package provides a delegation Web service for SSO OpenID Connect that
supports the
PROMPT (for auto logout)
feature. In the example the
PROMPT is set to use this delegation
service:
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
-
Add a
DELEGATE element in your application configuration
(xcf) file.
This example shows the application configuration for delegation and the auto logout
prompt feature.
Note: Within the
DELEGATE element, the
GOOGLE_OPENID_PUBLIC_ID and
GOOGLE_OPENID_SECRET_ID are values got
when registering your GAS on Google developer console. For more information see
Quick start: Set up OpenID Connect in the GAS.
<?xml version="1.0" encoding="UTF-8"?>
<APPLICATION Parent="defaultgwc" >
<EXECUTION>
<PATH>$(res.deployment.path)</PATH>
<MODULE>MyApp.42r</MODULE>
<DELEGATE service="services/OpenIDConnectServiceProvider">
<IDP>https://accounts.google.com</IDP>
<SCOPE>email</SCOPE>
<CLIENT_PUBLIC_ID>GOOGLE_OPENID_PUBLIC_ID</CLIENT_PUBLIC_ID>
<CLIENT_SECRET_ID>GOOGLE_OPENID_SECRET_ID</CLIENT_SECRET_ID>
</DELEGATE>
</EXECUTION>
<AUTO_LOGOUT>
<TIMEOUT>10</TIMEOUT>
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
</AUTO_LOGOUT>
</APPLICATION>
-
Add a
PROMPT element in the AUTO_LOGOUT element
The delegation service represents the GAS's SSO OpenID Connect Service, which the
user-agent will be redirected to when the user wants to re-log in. The
Timeout represents the number of seconds the user-agent displays a
screen or page to notify the user that a re-log in is required if he wants to
continue.
Once the user is authenticated by the service, the user-agent is redirected back to the
GAS to resume the application.