DELEGATE
The DELEGATE element specifies the Genero REST service the initial /ua/r or /ws/r request is forwarded to, in order to perform additional verification before starting the application or service.
Syntax
<DELEGATE service=name>
  <IDP>...</IDP>
  [ <SCOPE>...</SCOPE> ]
  <CLIENT_PUBLIC_ID>...</CLIENT_PUBLIC_ID>
  <CLIENT_SECRET_ID>...</CLIENT_SECRET_ID>
  [ <anyparameter1>any-value</anyparameter1> ]
  [ <anyparameter2>any-value</anyparameter2> ]
</DELEGATE>
- The service attribute must specify the group and name of the Genero REST service in charge of handling requests.
  - For applications, the delegate service is OpenIDConnectServiceProvider
  - For web services, the delegate service is GeneroAccessService
- The IDP element defines the URL of the Identity Provider. This element is mandatory.
- The SCOPE element is different for applications and web services:
  - For applications, SCOPE (for application) identifies user attributes provided by the Identity Provider at the time of authentication. This element is optional.
  - For web services, SCOPE (for service) defines scopes (permissions) to access the service. This element is optional and may be used to secure a low-level REST service.
- The CLIENT_PUBLIC_ID element defines the OAuth2 public ID provided by the Identity Provider.
  - For applications, this element is mandatory.
  - For web services, this element is optional.
- The CLIENT_SECRET_ID element defines a secret shared by the registered application and the Identity Provider.
  - For applications, this element is mandatory.
  - For web services, this element is optional.
- All other child elements are optional and, if present, are passed as parameters to the REST service using HTTP headers. A parameter named AnyParameter in the configuration may, in the header, become: x-fourjs-environment-parameter-anyparameter
  Therefore, it is not recommended to rely on case in the naming of parameters, as there is no guarantee that it will be preserved. When working with HTTP headers in your Genero program code, make sure you allow for this by converting them to either upper or lower case.
Child elements
The DELEGATE element contains the following child elements:
- One IDP element.
- Zero or one SCOPE (for service) element.
- Zero or one SCOPE (for application) element.
- Zero or one CLIENT_PUBLIC_ID element.
- Zero or one CLIENT_SECRET_ID element.
When working with a Single Sign-on (SSO) solution, child elements of the DELEGATE element are specific to the identity provider (IdP). You will need to add the appropriate tags to work with your IdP. These tags are documented by your IdP.
Usage
You use this element to delegate the start of a web application to another Genero REST service in order to perform some controls before granting access and starting the application or service. The DELEGATE element is used for all Genero web applications and services requiring Single sign-on (SSO). For examples of application configurations using Single sign-on (SSO), see the Single Sign-On User Guide.
You may also use the element to configure the SSO log out options at the close of the application with, for example, redirection to a logout URL. However, this will depend on how fully your IdP follows the standard logout protocol, which varies depending on the IdP. For examples, see the Configure OpenID Connect SSO log out or Configure SAML SSO log out pages in the Single Sign-On User Guide.
The Genero Application Server dispatcher passes the request to the REST service identified as the delegation service if the type of request is defined by the /ua/r or /ws/r path segments in the application URI.
Delegate configuration example for application
<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="defaultwa"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="http://www.4js.com/ns/gas/5.00/cfextwa.xsd">
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>myApp.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <IDP>https://accounts.myOIDCIdp.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.myOIDCIdpusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
Delegate configuration example for service
<?xml version="1.0" encoding="UTF-8" ?>
<APPLICATION Parent="ws.default"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="https://4js.com/ns/gas/5.00/cfextws.xsd">
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>CalculatorServer</MODULE>
    <DELEGATE service="services/GeneroAccessService">
      <IDP>http://localhost:6394/ws/r/services/GeneroIdentityProvider</IDP>
      <SCOPE>profile profile.me</SCOPE>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
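The DELEGATE rules described on this page (mandatory children per delegate service, at most one of each documented child, and extra parameters reaching the REST service as HTTP headers whose case is not preserved) can be checked before a configuration is deployed. The following Python check is an added example, not part of the Genero documentation or product; it assumes the lowercase x-fourjs-environment-parameter- mapping shown in the example above, and the Tenant/TENANT parameter names are constructed.

```python
import xml.etree.ElementTree as ET

# Prefix taken from the header example on this page; lowercasing is assumed from it.
HEADER_PREFIX = "x-fourjs-environment-parameter-"
KNOWN = ("IDP", "SCOPE", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID")
# Mandatory children per delegate service, as listed on this page.
REQUIRED = {
    "OpenIDConnectServiceProvider": ["IDP", "CLIENT_PUBLIC_ID", "CLIENT_SECRET_ID"],
    "GeneroAccessService": ["IDP"],
}

def check_delegate(xml_text):
    """Return (findings, headers) for the DELEGATE element of a configuration."""
    delegate = ET.fromstring(xml_text).find(".//DELEGATE")
    if delegate is None:
        return ["no DELEGATE element"], {}
    findings, headers = [], {}
    service = delegate.get("service", "").rsplit("/", 1)[-1]  # drop the group
    for tag in REQUIRED.get(service, ["IDP"]):  # IDP is always mandatory
        node = delegate.find(tag)
        if node is None or not (node.text or "").strip():
            findings.append(f"missing mandatory element: {tag}")
    for tag in KNOWN:
        if len(delegate.findall(tag)) > 1:
            findings.append(f"element appears more than once: {tag}")
    for child in delegate:
        if child.tag in KNOWN:
            continue
        header = HEADER_PREFIX + child.tag.lower()
        if header in headers:  # two parameters collapse into one header name
            findings.append(f"parameters differ only by case: {header}")
        headers[header] = (child.text or "").strip()
    return findings, headers

def get_header(headers, name):
    """Case-insensitive lookup, as the page recommends for program code."""
    wanted = name.lower()
    return next((v for k, v in headers.items() if k.lower() == wanted), None)

# Constructed sample: secret missing, two parameters differing only by case.
SAMPLE = """<APPLICATION Parent="defaultwa"><EXECUTION>
  <DELEGATE service="services/OpenIDConnectServiceProvider">
    <IDP>https://accounts.myOIDCIdp.com</IDP>
    <CLIENT_PUBLIC_ID>XXXXXXXX</CLIENT_PUBLIC_ID>
    <Tenant>a</Tenant>
    <TENANT>b</TENANT>
  </DELEGATE>
</EXECUTION></APPLICATION>"""
FINDINGS, HEADERS = check_delegate(SAMPLE)
```

Which of two colliding parameter values the server would actually forward is not stated on this page; the example keeps the last one and reports the collision so the names can be made unambiguous.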