Genero delegation and GIP service

A delegation service redirects the start of an application configured for SSO to the identity provider that authenticates the user. The FGLGWS installation includes a REST web service for performing delegation and a Genero Identity Provider (GIP) for securing applications and web services.

The Genero delegation and GIP services are located in the $FGLDIR/web_utilities/services directory.
Figure: Contents of $FGLDIR/web_utilities/services


This directory contains application configuration files (xcf) for services running on the Genero Web Server that support delegation. Identity providers that provide SSO rely on specifications such as OpenID Connect, OAuth2, and Security Assertion Markup Language (SAML). The directories contain files that implement delegation for the named SSO protocol:

gip
This directory contains files that implement Genero's own identity provider – the Genero Identity Provider (GIP) for securing applications and RESTful web services. You must install and configure the GIP on a Genero Application Server before it can be used. For details, go to Genero Identity Provider (GIP).
openid-connect
This directory contains files that implement a delegation web service to support identity providers using the OpenID Connect/OAuth2 single sign-on protocol. The core protocol is OAuth2, while OpenID Connect is an identity protocol that uses the authorization and authentication mechanisms of OAuth 2.0. OpenID Connect is the latest evolution of the OpenID authentication technology used for web applications that handle many users. You have to be registered with one of the trusted identity providers so that users can be authenticated with single sign-on for your web applications. If your IdP uses OpenID Connect/OAuth2 SSO, go to the OpenID Connect/OAuth2 SSO section.
saml
This directory contains files that implement a delegation web service to support identity providers using the Security Assertion Markup Language (SAML) single sign-on protocol. SAML is used for standard web applications that handle many users. SAML is intended for private or intranet web applications. You have to be registered with one of the trusted identity providers so that users can be authenticated with single sign-on for your web applications. If your IdP uses SAML SSO, go to the SAML SSO section.