DELEGATE

The DELEGATE element specifies the Genero REST service to which the initial /ua/r or /ws/r request is forwarded, so that additional verification can be performed before the application or service is started.

Syntax

<DELEGATE service=name>
  <IDP>...</IDP>
  [<SCOPE>...</SCOPE>]
  <CLIENT_PUBLIC_ID>...</CLIENT_PUBLIC_ID>
  <CLIENT_SECRET_ID>...</CLIENT_SECRET_ID>
  [<anyparameter1>any-value</anyparameter1>]
  [<anyparameter2>any-value</anyparameter2>]
</DELEGATE>
  1. The service attribute value must specify the group and name of the Genero REST service in charge of handling requests.
    • For applications, the delegate service is OpenIDConnectServiceProvider
    • For web services, the delegate service is GeneroAccessService
  2. The IDP element defines the URL of the Identity Provider. This element is mandatory.
  3. The SCOPE element is different for applications and web services:
    • For applications, SCOPE (for application) identifies the user attributes provided by the Identity Provider at the time of authentication. This element is optional.
    • For web services, SCOPE (for service) defines the scopes (permissions) required to access the service. This element is optional and may be used to secure a low-level REST service.
  4. The CLIENT_PUBLIC_ID element defines the OAuth2 public ID provided by the Identity Provider.
    • For applications, this element is mandatory.
    • For web services, this element is optional.
  5. The CLIENT_SECRET_ID element defines a secret shared by the registered application and the Identity Provider.
    • For applications, this element is mandatory.
    • For web services, this element is optional.
  6. All other child elements are optional and, if present, are passed as parameters to the REST service using HTTP headers.
Important:
Some web servers convert all HTTP header names to lowercase. For example, a parameter called AnyParameter in the configuration may arrive in the header as:
x-fourjs-environment-parameter-anyparameter

Therefore, it is not recommended to rely on case in the naming of parameters as there is no guarantee that it will be preserved. When working with HTTP headers in your Genero program code, make sure you allow for this by converting them to either upper or lower case.
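The following added example (not part of the Genero documentation or product) is a Python check of a DELEGATE configuration against the rules above: it reports mandatory child elements that are missing for the delegate service, flags custom parameters whose names collide once a web server lowercases the header, and reads a parameter without relying on header case. The function names and the sample configuration are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

HEADER_PREFIX = "x-fourjs-environment-parameter-"  # lowercased form from the note above
KNOWN = {"IDP", "SCOPE", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID"}
# Mandatory children per delegate service, from the syntax notes above.
REQUIRED = {
    "OpenIDConnectServiceProvider": ["IDP", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID"],
    "GeneroAccessService": ["IDP"],
}

def header_name(param):
    """Header name a case-folding web server delivers for a parameter."""
    return HEADER_PREFIX + param.lower()

def read_parameter(headers, param):
    """Look up a delegate parameter regardless of header-name case."""
    folded = {k.lower(): v for k, v in headers.items()}
    return folded.get(header_name(param))

def lint_delegate(xcf_text):
    """Return findings for the DELEGATE element of one configuration file."""
    delegate = ET.fromstring(xcf_text).find(".//DELEGATE")
    if delegate is None:
        return ["no DELEGATE element found"]
    service = delegate.get("service", "").rsplit("/", 1)[-1]
    findings, seen = [], {}
    for tag in REQUIRED.get(service, ["IDP"]):  # IDP is always mandatory
        node = delegate.find(tag)
        if node is None or not (node.text or "").strip():
            findings.append(f"{tag} is mandatory for {service} but missing or empty")
    for child in (c for c in delegate if c.tag not in KNOWN):
        first = seen.setdefault(header_name(child.tag), child.tag)
        if first != child.tag:  # same header once the name is lowercased
            findings.append(f"{first} and {child.tag} both map to {header_name(child.tag)}")
    return findings

# Constructed sample: secret missing, two parameters differing only by case.
SAMPLE_APP = """<APPLICATION Parent="defaultwa"><EXECUTION>
  <DELEGATE service="services/OpenIDConnectServiceProvider">
    <IDP>https://accounts.myOIDCIdp.com</IDP>
    <CLIENT_PUBLIC_ID>XXXXXXXX</CLIENT_PUBLIC_ID>
    <AnyParameter>a</AnyParameter>
    <anyparameter>b</anyparameter>
  </DELEGATE>
</EXECUTION></APPLICATION>"""

if __name__ == "__main__":
    print("\n".join(lint_delegate(SAMPLE_APP)))
```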

Child elements

The DELEGATE element contains the following child elements:

  1. One IDP element.
  2. Zero or one SCOPE (for service) element.
  3. Zero or one SCOPE (for application) element.
  4. Zero or one CLIENT_PUBLIC_ID element.
  5. Zero or one CLIENT_SECRET_ID element.

When working with a Single Sign-on (SSO) solution, child elements of the DELEGATE element are specific to the identity provider (IdP). You will need to add the appropriate tags to work with your IdP. These tags are documented by your IdP.

Usage

You use this element to delegate the start of a web application to another Genero REST service, which performs checks before access is granted and the application or service is started. The DELEGATE element is used for all Genero web applications and services requiring Single Sign-on (SSO). For examples of application configurations using Single Sign-on (SSO), see the Single Sign-On User Guide.

You may also use the element to configure the SSO log out options at the close of the application with, for example, redirection to a logout URL. However, this will depend on how fully your IdP follows the standard logout protocol, which varies depending on the IdP. For examples, see the Configure OpenID Connect SSO log out or Configure SAML SSO log out pages in the Single Sign-On User Guide.

The Genero Application Server dispatcher passes the request to the REST service identified as the delegation service if the type of request is defined by the /ua/r or /ws/r path segments in the application URI.

Delegate configuration example for application

<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="defaultwa"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/5.00/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>myApp.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">      
       <IDP>https://accounts.myOIDCIdp.com</IDP>
       <SCOPE>email</SCOPE> 
       <CLIENT_PUBLIC_ID>XXXXXXXX.apps.myOIDCIdpusercontent.com</CLIENT_PUBLIC_ID>
       <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>

Delegate configuration example for service

<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="ws.default"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:noNamespaceSchemaLocation="https://4js.com/ns/gas/5.00/cfextws.xsd">
   <EXECUTION>
      <PATH>$(res.deployment.path)</PATH>
      <MODULE>CalculatorServer</MODULE>     
      <DELEGATE service="services/GeneroAccessService">
        <IDP>http://localhost:6394/ws/r/services/GeneroIdentityProvider</IDP>
        <SCOPE>profile profile.me</SCOPE>
      </DELEGATE>
    </EXECUTION>
</APPLICATION>

Parent elements

This element is a child of one of the following elements: