Use this procedure to configure re-log in to a Genero application authenticated by
OpenID Connect SSO after an auto logout event.
Note:
The FGLGWS package provides a delegation Web service for SSO OpenID Connect that supports the
PROMPT (for auto logout)
feature. In the example the
PROMPT
is set
to use this delegation
service:
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
-
Add a
DELEGATE
element in your application configuration
(xcf) file.
This example shows the application configuration for delegation and the auto logout
prompt feature.
Note:
Within the DELEGATE
element, the GOOGLE_OPENID_PUBLIC_ID
and
GOOGLE_OPENID_SECRET_ID
are values got when registering your GAS on Google
developer console.
<?xml version="1.0" encoding="UTF-8"?>
<APPLICATION Parent="defaultgwc" >
<EXECUTION>
<PATH>$(res.deployment.path)</PATH>
<MODULE>MyApp.42r</MODULE>
<DELEGATE service="services/OpenIDConnectServiceProvider">
<IDP>https://accounts.google.com</IDP>
<SCOPE>email</SCOPE>
<CLIENT_PUBLIC_ID>GOOGLE_OPENID_PUBLIC_ID</CLIENT_PUBLIC_ID>
<CLIENT_SECRET_ID>GOOGLE_OPENID_SECRET_ID</CLIENT_SECRET_ID>
</DELEGATE>
</EXECUTION>
<AUTO_LOGOUT>
<TIMEOUT>10</TIMEOUT>
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
</AUTO_LOGOUT>
</APPLICATION>
-
Add a
PROMPT
element in the AUTO_LOGOUT
element
The delegation service represents the GAS's SSO OpenID Connect Service, which the
user-agent will be redirected to when the user wants to re-log in. The
Timeout
represents the number of seconds the user-agent displays a
screen or page to notify the user that a re-log in is required if he wants to
continue.
Once the user is authenticated by the service, the user-agent is redirected back to the
GAS to resume the application.