Add OpenID Connect SSO to Web application
Add OpenID Connect SSO to a Genero Web application.
This task must be performed in the .xcf application configuration file.
Add <DELEGATE service="OpenIDConnectServiceProvider"> to the application configuration (.xcf) file.
Add the DELEGATE tag to every Genero Browser Client application that requires single sign-on (SSO), together with its three mandatory parameters and one optional parameter:
- IDP : the IdP issuer URL (for example, https://accounts.google.com)
- CLIENT_PUBLIC_ID : the OAuth2 client ID (public identifier) registered for the application at the IdP
- CLIENT_SECRET_ID : the OAuth2 client secret shared with the IdP; it is a credential, so restrict read access to the .xcf file that holds it
- SCOPE : (optional) the OpenID Connect scopes selecting the claims you want returned at authentication (for example, email, phone, address)
<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="OpenIDConnectServiceProvider">
      <IDP>https://accounts.google.com</IDP>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.googleusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
With this configuration and the default JGAS configuration, the delegation resolves to the OpenIDConnectServiceProvider.xcf added to the Genero Archive (gar) file, which in turn references the delegation REST Web service shipped in $FGLDIR.
For more information about the DELEGATE configuration element, see How to implement delegation.
The JGAS handles the OpenID Connect protocol itself and starts the Web application only once the IdP has authenticated the user; otherwise an HTML error page is returned and the application is never launched.
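To see what the delegate has to do with the four parameters above, here is an added example in Python of the OpenID Connect authorization-code flow as a relying party performs it. It is not Genero or JGAS code and does not show how the delegation service is implemented; it maps IDP, CLIENT_PUBLIC_ID, CLIENT_SECRET_ID and SCOPE onto the protocol messages and shows the checks (state, issuer, audience, expiry, nonce, signature) that must pass before an application may start. The callback URL, the discovery document and the IdP's responses are assumed or constructed so the script runs offline. The ID token is signed with HS256 keyed on the client secret, which OpenID Connect Core permits for confidential clients; Google actually signs with RS256 using the keys published at the discovery document's jwks_uri, and that signature step is the one thing a real relying party swaps.

```python
# Added example, not Genero/JGAS code: the OpenID Connect authorization-code flow a
# delegate configured with IDP, CLIENT_PUBLIC_ID, CLIENT_SECRET_ID and SCOPE must run
# before letting the Web application start. Discovery document, IdP callback and ID
# token are constructed inline so everything runs offline.
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Values as written in the .xcf DELEGATE element (placeholders, not real credentials).
IDP = "https://accounts.google.com"
CLIENT_PUBLIC_ID = "XXXXXXXX.apps.googleusercontent.com"
CLIENT_SECRET_ID = "XXXXXX-XXXXXX"
SCOPE = "email"
# Assumed callback URL; the real one is whatever the JGAS registers at the IdP.
REDIRECT_URI = "https://gas.example.com/ua/r/myapp/oidc-callback"

# Constructed stand-in for GET {IDP}/.well-known/openid-configuration.
DISCOVERY = {
    "issuer": IDP,
    "authorization_endpoint": IDP + "/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
}


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authorization_request(state, nonce):
    """Step 1: URL the browser is redirected to. 'openid' is mandatory; SCOPE adds claims."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_PUBLIC_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid " + SCOPE,
        "state": state,  # ties the callback to this browser session
        "nonce": nonce,  # must come back inside the ID token
    }
    return DISCOVERY["authorization_endpoint"] + "?" + urlencode(params)


def parse_callback(url, expected_state):
    """Step 2: the IdP redirects back with code and state; reject a foreign state."""
    query = parse_qs(urlparse(url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError("IdP returned error: " + query["error"][0])
    return query["code"][0]


def token_request(code):
    """Step 3: form body POSTed to token_endpoint; the client secret authenticates the app."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_PUBLIC_ID,
        "client_secret": CLIENT_SECRET_ID,
    }


def verify_id_token(token, nonce, now):
    """Step 4: checks from OpenID Connect Core 3.1.3.7. HS256 with the client secret is
    used here; with Google the signature is RS256 against the jwks_uri keys instead."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64url(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg " + str(header.get("alg")))
    signed = f"{header_b64}.{payload_b64}".encode()
    mac = hmac.new(CLIENT_SECRET_ID.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64url(sig_b64)):
        raise ValueError("ID token signature invalid")
    claims = json.loads(_unb64url(payload_b64))
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if claims.get("iss") != DISCOVERY["issuer"]:
        raise ValueError("issuer mismatch")
    if CLIENT_PUBLIC_ID not in aud:
        raise ValueError("token not issued for this client_id")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: possible replay")
    return claims


def make_id_token(claims):
    """Constructed IdP side: mint an HS256 ID token so the flow can run offline."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET_ID.encode(), f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64url(sig.digest())}"


def run_flow(now=1_700_000_000.0):
    """Drive all four steps against the constructed IdP and return the verified claims."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    if "scope=openid+email" not in authorization_request(state, nonce):
        raise RuntimeError("authorization request missing openid scope")
    # Constructed callback, as the IdP would send the browser back to REDIRECT_URI.
    code = parse_callback(f"{REDIRECT_URI}?code=4%2FabcDEF&state={state}", state)
    body = token_request(code)  # would be POSTed to DISCOVERY["token_endpoint"]
    # Constructed token-endpoint answer for that code.
    id_token = make_id_token({"iss": IDP, "aud": body["client_id"], "sub": "1234567890",
                              "email": "alice@example.com", "nonce": nonce,
                              "iat": int(now), "exp": int(now) + 3600})
    return verify_id_token(id_token, nonce, now)


if __name__ == "__main__":
    print(run_flow())
```

The order of the checks matters: the signature is verified before any claim is read, the algorithm is pinned rather than taken from the token, and `state` is compared before the code is used, so a callback replayed into another user's session or a token minted for a different client ID is rejected before the application is ever started.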