Quick start: Set up SAML in the JGAS

Follow these steps to set up SAML for your JGAS and Genero Web applications.

In this quick start, you configure Genero Browser Client applications for SAML Single sign-on (SSO) and add them to a gar file that is embedded in a war file with the JGAS. Then you execute the applications with SSO in JGAS.

  1. Copy SAMLServiceProvider.xcf from the FGLDIR\web_utilities\services directory to your work directory.
    Note: In JGAS it is recommended that you only embed the xcf file referencing the delegation REST Web service in the $FGLDIR you will use. This allows you to redeploy the war without having to recreate the circle of trust and reconfigure SSO each time.
  2. Add a DELEGATE element to all Genero Web applications requiring SSO.
    <APPLICATION Parent="defaultgwc">
      <EXECUTION>
        <PATH>$(res.path.mypath)/myapplication</PATH>
        <MODULE>myapp.42r</MODULE>
        <DELEGATE service="SAMLServiceProvider">
        </DELEGATE>
      </EXECUTION>
    </APPLICATION>
  3. Build the Genero Archive file (gar) using the fglgar tool.
    At the command line of your work directory, type the command that includes your application files and the SAML service xcf file as shown:
    fglgar gar --application myApp.xcf --service SAMLServiceProvider.xcf --output work.gar
    The work.gar is created.
  4. Run the fglgar war command to package the Genero Archive and JGAS in a war archive.
    fglgar war --input-gar work.gar --output work.war

    The work.war file is created.

    The war is ready to be deployed.

  5. Run the fglgar run command to start the JGAS in standalone mode.
    fglgar run --war work.war
    Note: SSO requests require HTTPS, and JGAS has limited HTTPS support (for instance, there is no option to use your own SSL certificate as in the standard GAS). It is therefore only recommended to deploy the war in the standalone JGAS for testing. For development, deploy in any existing Java Enterprise Edition container such as Apache Tomcat®, Jetty, or Glassfish where HTTPS is configured.
  6. Execute a Genero Browser Client application with SSO.
    1. Start your browser and enter the application URL. See Run an application in JGAS.
      You are prompted to enter your SAML credentials.
    2. Click the sign-in button.
      Your browser is redirected to the Identity Provider (IdP).
    3. Enter your credentials.
      If your credentials are valid, your browser is redirected to the Genero Browser Client application.
The next time you start the same application - or any application delivered by the same JGAS - you will not be prompted for your credentials. The application will start (and be authenticated for) the same SAML user.
Tip: Read all of the topics in this section for details on features provided by SAML SSO support in the JGAS, including attribute gathering and authorization control.
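
A pre-packaging check for step 2, added here as an example and not part of the Genero documentation or tooling: it parses application xcf text and reports any APPLICATION that lacks a DELEGATE to SAMLServiceProvider under EXECUTION, so an application is not shipped in the gar without SSO by oversight. The function names, the sample documents and the PlaceholderService name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EXPECTED_SERVICE = "SAMLServiceProvider"  # service name from step 2 of the page

def _local(tag):  # drop an XML namespace prefix ("{uri}DELEGATE"), if any
    return tag.rsplit("}", 1)[-1]

def check_delegate(xcf_text, expected=EXPECTED_SERVICE):
    """Return a list of problems for one application xcf (empty list = OK)."""
    try:
        root = ET.fromstring(xcf_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    apps = [e for e in root.iter() if _local(e.tag) == "APPLICATION"]
    if not apps:
        return ["no APPLICATION element"]
    problems = []
    for app in apps:
        # As in step 2, DELEGATE is expected as a direct child of EXECUTION.
        placed = [d for ex in app if _local(ex.tag) == "EXECUTION"
                  for d in ex if _local(d.tag) == "DELEGATE"]
        total = sum(1 for d in app.iter() if _local(d.tag) == "DELEGATE")
        if not placed:
            problems.append("no DELEGATE under EXECUTION: SSO is not configured")
        if total > len(placed):
            problems.append("DELEGATE found outside EXECUTION")
        for d in placed:
            service = (d.get("service") or "").strip()
            if service != expected:
                problems.append(f"DELEGATE service is {service!r}, expected {expected!r}")
    return problems

# Constructed sample inputs (not real project files).
SAMPLES = {
    "ok.xcf": '<APPLICATION Parent="defaultgwc"><EXECUTION>'
              '<MODULE>myapp.42r</MODULE><DELEGATE service="SAMLServiceProvider"/>'
              '</EXECUTION></APPLICATION>',
    "missing.xcf": '<APPLICATION Parent="defaultgwc"><EXECUTION>'
                   '<MODULE>other.42r</MODULE></EXECUTION></APPLICATION>',
    "wrong.xcf": '<APPLICATION><EXECUTION><DELEGATE service="PlaceholderService"/></EXECUTION></APPLICATION>',
}

def audit(files):
    """Map file name -> problems, listing only files that have problems."""
    return {name: p for name, text in files.items() if (p := check_delegate(text))}

if __name__ == "__main__":
    for name, problems in audit(SAMPLES).items():
        print(f"{name}: {'; '.join(problems)}")
```

To use it on a project, read each application xcf in the work directory into the dictionary passed to audit() before running fglgar gar.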