SAML SSO
Security Assertion Markup Language (SAML) is a single sign-on (SSO) protocol supported by the Genero Application Server. It is based on a Genero REST service and is delivered in the Genero Web Services package under $FGLDIR/web_utilities/services/saml.
This page introduces SAML-based SSO with the Genero Application Server. The child topics describe configuration details, trust relationships, deployment considerations, and the behavior of the SAML service.
Genero SAML establishes a circle of trust between the service provider (the Genero Application Server) and the SAML identity provider, the entity responsible for managing and authenticating users.
The Genero SAML service requires a database to store SAML data related to the protocol. By default, it uses the $FGLDIR/web_utilities/services/saml/bin/saml.db SQLite database. The user running the web server must have write permissions on this database; otherwise the service cannot store SAML data. For details on using a different database engine, see Specify a database to store SAML data.
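The following check for the write-permission requirement above is an added example, not code shipped with Genero. The function name audit_saml_db is hypothetical, the script is assumed to run as the account that runs the web server, and the test for access by other users is a hardening assumption that this page does not state as a requirement.

```shell
#!/bin/sh
# Added example: audit the SQLite file that backs the Genero SAML service.
# audit_saml_db is a hypothetical helper name, not part of Genero.
# Run it as the account that runs the web server.
# Return codes: 0 ok, 1 missing, 2 not writable, 3 open to other users.
audit_saml_db() {
    db=$1
    dir=$(dirname -- "$db")

    if [ ! -f "$db" ]; then
        echo "MISSING: $db" >&2
        return 1
    fi
    # The service must be able to write SAML data to the file.
    if [ ! -w "$db" ]; then
        echo "NOT WRITABLE by $(id -un): $db" >&2
        return 2
    fi
    # SQLite creates its journal file next to the database, so the
    # containing directory must be writable as well.
    if [ ! -w "$dir" ]; then
        echo "DIRECTORY NOT WRITABLE by $(id -un): $dir" >&2
        return 2
    fi
    # Hardening assumption (not stated on the page): accounts other than
    # the owner and group should not be able to read or modify SAML data.
    if [ -n "$(find "$db" -prune \( -perm -002 -o -perm -004 \))" ]; then
        echo "OPEN TO OTHER USERS: $db" >&2
        return 3
    fi
    echo "OK: $db"
    return 0
}

# Usage, with the default location given on this page:
#   audit_saml_db "$FGLDIR/web_utilities/services/saml/bin/saml.db"
```
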
Genero implements only version 2.0 of the SAML specification and supports only the HTTP-POST bindings. It is intended for Genero web applications.