Identity Provider (IdP)
An IdP provides a secure identity information service for authenticating users accessing your applications and Web services. Using an IdP is recommended when implementing a single sign-on (SSO) solution.
Identity providers rely on specifications such as OpenID Connect, OAuth, and Security Assertion Markup Language (SAML) to grant access to Web applications on behalf of an authenticated user, using access tokens of various kinds, but without providing the user's credentials to the application.
Providing authentication using a third-party IdP
- Set up an account with a trusted IdP (such as Google).
As a third party registered on the authorization IdP server, you are issued tokens (a public client id and a shared secret).
- Use the tokens provided and add delegation to the configuration files of your application that requires authentication.
This allows you to provide access to the protected resources hosted by your Web application.
- OpenID Connect (OIDC) identity provider.
- SAML identity provider.
How it works
When a user accesses your application or Web service, they are redirected to the IdP for authentication. Depending on the type of IdP, the HTTP accept/reject response is returned via the Genero delegate service as either a signed XML assertion document (SAML) or a signed JSON document (OpenID Connect).
If access is allowed, the delegate service extracts some user data from the returned document before starting the application on the GAS. Once an application has been started after user authentication by the IdP, environment variables are provided defining the user role and access. These variables can be read in your Genero application with fgl_getenv() calls.
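The following added example (illustration only, not Genero or GAS code) walks through the OpenID Connect half of the flow described above: building the redirect to the IdP, checking the signed JSON document (ID token) that comes back, and only then extracting user data to hand to the application. The issuer URL, client id, shared secret, redirect URI and the SSO_* variable names are constructed placeholders, and the token is signed with HS256 using the shared secret so the example runs offline; real IdPs typically sign with RS256 and publish their keys, but the checks on alg, iss, aud, exp and nonce are the same.

```python
# Added illustration (not Genero code): the two halves of an OIDC login as a
# delegate service would handle them. Real IdPs usually sign ID tokens with
# RS256 and publish keys at their jwks_uri; HS256 with the client secret is
# used here only so the example runs offline with the standard library.
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

# Constructed values (assumptions, not real registrations)
ISSUER = "https://idp.example.test"
CLIENT_ID = "demo-client-id"
CLIENT_SECRET = b"demo-shared-secret"
REDIRECT_URI = "https://app.example.test/callback"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorization_url(state: str, nonce: str) -> str:
    """Step 1: redirect the browser to the IdP. 'state' ties the callback to
    this session; 'nonce' is echoed inside the ID token to block replay."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return f"{ISSUER}/authorize?" + urlencode(params)


def sign_id_token(claims: dict) -> str:
    """Stand-in for the IdP: produce a compact JWS (HS256) over the claims."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Step 2: what the delegate service must check before trusting any user
    data: algorithm, signature, issuer, audience, expiry and nonce."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never accept alg=none or an unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def user_environment(claims: dict) -> dict:
    """Step 3: extract user data for the application. The SSO_* names are
    placeholders, not the variable names the GAS actually sets."""
    return {
        "SSO_USER": claims["sub"],
        "SSO_EMAIL": claims.get("email", ""),
        "SSO_ROLE": claims.get("role", "user"),
    }


if __name__ == "__main__":
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorization_url(state, nonce))
    token = sign_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice",
                           "email": "alice@example.test", "role": "admin",
                           "exp": int(time.time()) + 300, "nonce": nonce})
    print(user_environment(validate_id_token(token, nonce)))
```

The order matters: no field of the token is read for application purposes until the signature and the iss/aud/exp/nonce claims have all passed, and an expired, replayed or tampered document is rejected with a ValueError. On the Genero side the values the delegate service exports are then read with fgl_getenv(), as the page states.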