Add OpenID Connect SSO to Web application

Add OpenID Connect SSO to a Genero Web application.

This task must be performed in the .xcf application configuration file.

Add <DELEGATE service="services/OpenIDConnectServiceProvider"> to the application configuration (.xcf) file.

Add the DELEGATE tag to every Genero Browser Client application that requires single sign-on (SSO), together with the three mandatory parameters (SCOPE is optional):

  • IDP : the IdP account (for example, https://accounts.google.com)
  • CLIENT_PUBLIC_ID : the OAuth2 public id obtained from the IdP
  • CLIENT_SECRET_ID : the OAuth2 shared secret id obtained from the IdP
  • SCOPE : (optional) the OpenID Connect attributes you want to receive at authentication (for example, email, phone, address)

<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/4.01/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>https://accounts.google.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>

With the above configuration and the default GAS configuration, the delegation points to the delegation REST Web service shipped under $FGLDIR.

The Genero Application Server handles the OpenID Connect protocol and starts the Web application only once the user has been authenticated; otherwise an HTML error page is returned.
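Because the application is only protected when the DELEGATE element is present and complete, it is worth checking each .xcf file before deployment. The following script is an added example, not part of the Genero product or of this page: it parses an .xcf file with Python's standard xml.etree module, looks for a DELEGATE pointing at services/OpenIDConnectServiceProvider, verifies that the three mandatory parameters are present and non-empty, requires the IDP to be an https URL (OpenID Connect issuers must be served over TLS), and flags CLIENT_PUBLIC_ID or CLIENT_SECRET_ID values that still look like the XXXXXX placeholders from the sample above. The two .xcf documents embedded in it are constructed for the example, modelled on the page's configuration.

```python
import xml.etree.ElementTree as ET
from typing import List
from urllib.parse import urlparse

# Constructed sample .xcf, modelled on the page's example (not a real deployment file).
SAMPLE_XCF = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/4.01/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>https://accounts.google.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
"""

# Constructed broken variant: plain-http IdP and no CLIENT_SECRET_ID at all.
BROKEN_XCF = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>http://accounts.example.com</IDP>
      <CLIENT_PUBLIC_ID>myapp-client-id</CLIENT_PUBLIC_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
"""

# Constructed variant with no DELEGATE element: SSO is simply not enforced.
NO_DELEGATE_XCF = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
  </EXECUTION>
</APPLICATION>
"""

OIDC_SERVICE = "services/OpenIDConnectServiceProvider"
MANDATORY = ("IDP", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID")


def check_oidc_delegate(xcf_text: str) -> List[str]:
    """Return a list of findings for one .xcf document; an empty list means it looks sound."""
    findings: List[str] = []
    root = ET.fromstring(xcf_text)

    # Only DELEGATE elements bound to the OpenID Connect service provider matter here.
    delegates = [d for d in root.iter("DELEGATE") if d.get("service") == OIDC_SERVICE]
    if not delegates:
        return [f'no <DELEGATE service="{OIDC_SERVICE}"> found: SSO is not enforced for this application']

    for d in delegates:
        # Each mandatory parameter must exist and carry a non-blank value.
        for name in MANDATORY:
            el = d.find(name)
            if el is None or not (el.text or "").strip():
                findings.append(f"missing or empty <{name}>")

        # The IdP is the OIDC issuer URL and must be reached over TLS.
        idp = d.findtext("IDP", "").strip()
        if idp and urlparse(idp).scheme != "https":
            findings.append(f"IDP must use https, got {idp!r}")

        # Values made only of X and - are the placeholders from the documentation sample.
        for name in ("CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID"):
            value = d.findtext(name, "").strip()
            if value and set(value) <= set("X-"):
                findings.append(f"<{name}> still holds a placeholder value")

    return findings


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_XCF), ("broken", BROKEN_XCF), ("no-delegate", NO_DELEGATE_XCF)):
        print(label, "->", check_oidc_delegate(doc) or ["OK"])
```

Run it against a real file with `check_oidc_delegate(open(path).read())`. Since the .xcf holds the OAuth2 client secret in clear text, keep the file's permissions restricted to the GAS service account and out of version control, just as you would any other credential file.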