OpenID Connect/OAuth2 SSO

OpenID Connect/OAuth2 is a single sign-on (SSO) protocol based on OAuth authentication and is supported by the Genero Application Server (GAS). The GAS support is based on a Genero REST service and is delivered in the Genero Web Services package under $FGLDIR/web_utilities/services/openid-connect.

This page introduces OpenID Connect/OAuth2 SSO with the Genero Application Server. The child topics in this section cover protocol selection, GAS configuration, identity provider integration, metadata and token handling, authorization rules, service‑to‑service authentication, and application behaviour during login and logout.

OpenID Connect and OAuth2 in this section

OpenID Connect and OAuth2 share many concepts, and both are supported by the Genero Application Server. OpenID Connect extends OAuth2 by adding authentication and user identity features. OAuth2 provides the authorization and token framework, while OpenID Connect supplies identity data and discovery endpoints used to obtain token and certificate URLs. Some identity providers implement OpenID Connect, while others support only OAuth2. The topics in this section reflect both approaches and indicate where the configuration or capabilities differ.
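A check an integrator could run on an identity provider's discovery document before relying on the token and certificate URLs it advertises. This is an added example, not code from the Genero package: the function name, the issuer URL and the sample documents are constructed for illustration, and the field names are those of OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlsplit

# Fields Discovery 1.0 requires. token_endpoint is optional only for
# implicit-flow-only IdPs and is treated as required here (assumption).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint")


def check_discovery(expected_issuer, metadata):
    """Return a list of problems found in a parsed discovery document."""
    problems = [f"missing required field: {f}"
                for f in REQUIRED if f not in metadata]
    # The issuer must equal the configured one exactly (no normalisation);
    # otherwise the advertised endpoints may belong to another party.
    if metadata.get("issuer") != expected_issuer:
        problems.append("issuer does not match configured issuer")
    for field in URL_FIELDS:
        value = metadata.get(field)
        if value is None:
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{field} is not an https URL: {value}")
    # Discovery 1.0 requires RS256 among the ID token signing algorithms.
    algs = metadata.get("id_token_signing_alg_values_supported", [])
    if algs and "RS256" not in algs:
        problems.append("RS256 not offered for ID token signing")
    return problems


# Constructed sample documents (not taken from any real identity provider).
GOOD = {
    "issuer": "https://idp.example.test/realm",
    "authorization_endpoint": "https://idp.example.test/realm/auth",
    "token_endpoint": "https://idp.example.test/realm/token",
    "jwks_uri": "https://idp.example.test/realm/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="https://idp.example.test/realm/",
           jwks_uri="http://idp.example.test/realm/certs")
del BAD["subject_types_supported"]

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery("https://idp.example.test/realm", doc))
```

An OAuth2-only provider publishes no such document, so there the token and certificate URLs have to be entered by hand and checked the same way.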

When an end user requests access to an application or web service that uses SSO, the Identity Provider (IdP) provides ID and access tokens defined by the OAuth2 protocol. These tokens give access to the application or resource after a single sign-in with a username and password.

To learn more about OpenID Connect, refer to the OpenID Connect web site.

Tip:

Read all of the OpenID Connect/OAuth2 topics in this section for details on the features provided by OpenID Connect/OAuth2 SSO support in the Genero Application Server, including attribute retrieval, authorization control, and integration options for different identity providers.