Genero Identity Platform components

Services, applications, and tools work together to secure applications and services and to perform single sign-on (SSO) for applications delivered by a Genero Application Server (GAS).

The Genero Identity Platform is made up of a set of applications and services that handle user authentication. Additional components allow you to deploy and secure applications and web services without having to add authentication logic to your application sources. Figure 1 gives a high-level view of the components that make up the Genero Identity Platform.

Figure 1: Genero Identity Platform components (image showing the main and additional components of the Genero Identity Platform).

Main components

The main components make up the Genero Identity Provider (GIP). The GIP uses the OpenID Connect single sign-on (SSO) protocol, which is built on OAuth 2.0, to manage user access to your secure web applications and services. A user must have a user account with the GIP that allows them to enter a user name and password to access your applications.

Important: Password security

Passwords are stored in the GIP database as hash values, not as plain text. Hashed password storage provides essential protection if your database is stolen or compromised, because a hash is one-way: the password cannot be reverse engineered from it.

When a user types the URL of a secure application into a browser, the GIP asks the user to log in and checks their identity. If the user's identity is verified and they are allowed access, the user is redirected to the application.

Some application and service components of the GIP are themselves secured by the GIP, and accessing them requires the user to log in. These are shown in Figure 1 with the padlock symbol.

| Component | Role | Description |
|---|---|---|
| Core Services | Authentication | Authenticates users, manages SSO, and creates access and identity tokens. See Genero Identity Provider (GIP). |
| OpenIDConnectServiceProvider | Delegation | Manages SSO delegation for applications, validates identity tokens, and provides access tokens for REST service requests. See OpenID Connect/OAuth2 SSO. |
| Access | Delegation | Validates and forwards access tokens for requests between applications and REST web services, based on WSScope scopes. See Enable access token decoding and WSScope in Genero Business Development Language User Guide. |
| Profile Service | User profiling | Manages user profiles for SSO. Accessed through the Console App. See Manage users. |
| Console App | Administration | Provides a secure interface for registering applications and web services to be secured by the GIP, and for managing users and groups. Administrators can also view current tokens and revoke a token's ability to renew. See Managing GIP components. |
| Tools | Command-line | The GIP integrates with command-line tools including GetToken, DeployGar, and DeployGbc. See Tools and Commands. |
| Starter App | Installation / Upgrade | Used for the initial configuration of the GIP. Run once to set the administrator login and password. Also used when setting up a distributed environment to specify the host where the GIP is located. See Configure the primary Genero Identity Provider and Migrate your Genero Identity Provider database. |

Additional components

When you install the GIP, you are given the option to install additional microservices and applications.

| Component | Role | Description |
|---|---|---|
| Deployment Service | Deployment | Deploys, secures, and manages applications, web services, and GBC customizations on each GAS. See Deploying and securing applications and web services. |
| Deployment App | Administration | Provides a secure interface to the Deployment Service. See Deploying and securing applications and web services. |
| SharedFile Service | File sharing | Pushes and shares files between users. Must be installed on the same GAS as the SharedFile App. See Share files using the SharedFile App. |
| SharedFile App | Administration | Provides a secure interface to the SharedFile Service. Must be installed on the same GAS as the SharedFile App. See Share files using the SharedFile App. |