Identity Provider (IdP)

An IdP provides a secure identity information service for authenticating users accessing your applications and web services. Using an IdP is recommended when implementing a Single sign-on (SSO) solution.

Identity providers rely on specifications such as OpenID Connect, OAuth, and Security Assertion Markup Language (SAML) to grant access to web applications on behalf of an authenticated user. They do this with access tokens of various kinds, without providing the user's credentials to the application.

Genero comes with a ready-to-use Genero IdP, or you can use a third-party IdP.

Providing authentication using the Genero IdP

Providing authentication using the Genero IdP is covered in these topics:

Providing authentication using a third-party IdP

To provide authentication for SSO using a third-party IdP:
  1. Set up an account with a trusted IdP (such as Google).

    As a third party registered on the authorization IdP server, you are issued tokens (public and shared secret IDs).

  2. Using the tokens provided, add delegation to the configuration files of the applications that require authentication.

    This allows you to provide access to the protected resources hosted by your web application.

For a full overview of configuring delegation for any supported protocol, see Configure applications for SSO delegation.

For protocol-specific configuration steps:

A Genero delegate service is delivered in $FGLDIR/web_utilities/services for SAML, OAuth2, and OpenID Connect. These services manage all delegated requests for applications or services run on the GAS. For details, go to The services directory.