Follow these steps to set up SAML for your JGAS and Genero Web applications.
In this quick start, you configure Genero Browser Client applications for SAML Single sign-on
(SSO), add them to a gar file that is embedded it in a war
file with the JGAS. Then you execute the applications with SSO in JGAS.
-
Copy SAMLServiceProvider.xcf from the
FGLDIR\web_utilities\services to your work
directory.
Note: In JGAS it is recommended that you only embed the
xcf file referencing the delegation REST Web service in the
$FGLDIR you will use. This allows you to redeploy the war
without having to recreate the circle of trust and reconfigure SSO each time.
-
Add a
DELEGATE
element to all Genero Web applications requiring SSO.
<APPLICATION Parent="defaultgwc">
<EXECUTION>
<PATH>$(res.path.mypath)/myapplication</PATH>
<MODULE> myapp.42r</MODULE>
<DELEGATE service="SAMLServiceProvider">
</DELEGATE>
</EXECUTION>
</APPLICATION>
-
Build the Genero Archive file (gar) using the fglgar
tool.
At the command line of your
work directory type the command that includes
your application files and the OpenID Connect service
xcf file as
shown:
fglgar gar --application myApp.xcf --service SAMLServiceProvider.xcf --output work.gar
The work.gar is created.
-
Run the fglgar war command to package the Genero Archive and JGAS in a war
archive.
fglgar war --input-gar work.gar --output work.war
The work.war file is created.
The war is ready to be deployed.
-
Run the fglgar run command to start the JGAS in standalone mode.
fglgar run --war work.war
Note: SSO requests require HTTPS, and as JGAS has limited HTTPS support
(for instance, there is no option to use your own SSL certificate as in the standard GAS), therefore
it is only recommended to deploy the war in the standalone JGAS for testing.
For development, deploy in any existing Java Enterprise Edition container such as Apache Tomcat®,
Jetty, or Glassfish where HTTPS is configured.
-
Execute a Genero Browser Client application with SSO.
-
Start your browser and enter the application URL. See Run an application in JGAS.
You are prompted to enter your OpenID Connect credentials.
-
Click the signin button.
Your browser is redirected to the Identity Provider (IdP).
-
Enter your credentials.
If your credentials are valid, your browser is redirected to the Genero Browser Client
application.
The next time you start the same application - or any application delivered by the same JGAS -
you will not be prompted for your credentials. The application will start (and be authenticated for)
the same SAML user.
Tip: Read all of the topics in this section for details on features
provided by SAML SSO support in the JGAS; including attributes gathering or authorization
control.