Add OpenID Connect SSO to Web application
Add OpenID Connect SSO to a Genero Web application.
This task must be performed in the .xcf application configuration file.
Add the following DELEGATE element to the application configuration (.xcf) file:
<DELEGATE service="services/OpenIDConnectServiceProvider">
Add the DELEGATE element to every Genero Browser Client application that requires Single Sign-On (SSO), together with its three mandatory parameters and one optional parameter:
- IDP : the IdP URL (for example, https://accounts.google.com). Mandatory.
- CLIENT_PUBLIC_ID : the OAuth2 client id issued by the IdP. Mandatory.
- CLIENT_SECRET_ID : the OAuth2 client secret issued by the IdP. Mandatory. This value is a credential: keep the .xcf file readable only by the account that runs the GAS.
- SCOPE : the OpenID Connect scopes (user attributes) to request at authentication (for example, email, phone, address). Optional.
<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/4.01/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>https://accounts.google.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
With the above configuration and the default GAS configuration, the delegation points to the delegation REST Web service shipped in $FGLDIR.
The Genero Application Server handles the OpenID Connect protocol and starts the Web application only once the user has been authenticated; otherwise an HTML error page is returned.
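The following lint script is an added example, not part of the Genero Application Server product or its documentation. It checks an .xcf file the way a deployment pipeline would before the GAS ever loads it: the file must be well-formed XML (a missing space between two attributes is enough to break it), every DELEGATE that points at services/OpenIDConnectServiceProvider must carry the three mandatory parameters, the IDP must be an https URL (OpenID Connect Discovery requires an https issuer), and CLIENT_SECRET_ID must not still hold a template placeholder. The embedded sample .xcf is constructed for the example and reuses the placeholder values from this page; the function names are the example's own.

```python
"""Lint the OpenID Connect DELEGATE block of a Genero .xcf file.

Added example; not part of the Genero Application Server. The sample
configuration below is constructed for this example with placeholder values.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

OIDC_SERVICE = "services/OpenIDConnectServiceProvider"
MANDATORY = ("IDP", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID")
OPTIONAL = ("SCOPE",)

# Constructed sample: the configuration shown on this page, placeholders included.
SAMPLE_XCF = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/4.01/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>https://accounts.google.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
"""


def lint_delegates(xcf_text: str) -> list[str]:
    """Return a list of findings; an empty list means the DELEGATE blocks look sane."""
    findings = []
    try:
        root = ET.fromstring(xcf_text)
    except ET.ParseError as exc:
        # A malformed file (for example a missing space between attributes)
        # is rejected before any parameter can be checked.
        return [f"not well-formed XML: {exc}"]

    delegates = [d for d in root.iter("DELEGATE") if d.get("service") == OIDC_SERVICE]
    if not delegates:
        return [f"no DELEGATE with service={OIDC_SERVICE!r} found"]

    for delegate in delegates:
        params = {child.tag: (child.text or "").strip() for child in delegate}
        for name in MANDATORY:
            if not params.get(name):
                findings.append(f"missing or empty mandatory parameter {name}")
        for name in params:
            if name not in MANDATORY + OPTIONAL:
                findings.append(f"unexpected child element {name}")

        idp = params.get("IDP")
        if idp:
            parsed = urlparse(idp)
            # OpenID Connect Discovery publishes the provider metadata under
            # <issuer>/.well-known/openid-configuration and requires an https issuer.
            if parsed.scheme != "https" or not parsed.netloc:
                findings.append(f"IDP must be an https URL, got {idp!r}")

        secret = params.get("CLIENT_SECRET_ID", "")
        # A secret made only of X and '-' is a template placeholder left in place.
        if secret and set(secret) <= set("X-"):
            findings.append("CLIENT_SECRET_ID still holds a placeholder value")
    return findings


if __name__ == "__main__":
    for finding in lint_delegates(SAMPLE_XCF) or ["OK"]:
        print(finding)
```

Run against the sample, the only finding is the placeholder secret; pointing the script at a real .xcf (read the file and pass its text to lint_delegates) makes it a cheap pre-deployment gate. The placeholder heuristic is deliberately narrow so that it never flags a real secret; extend it to whatever template markers your own deployment uses.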