The services directory

This topic describes the contents of the $FGLDIR/web_utilities/services directory, which includes the Delegation and Genero Identity Provider (GIP) service components used to support SSO and application security.

The Genero delegation and GIP services are located in the $FGLDIR/web_utilities/services directory.
Figure: Contents of $FGLDIR/web_utilities/services


This directory contains .xcf configuration files for services that run on the Genero Web Server and support delegation. Each file configures a different service. The screenshot also shows three subdirectories—gip, openid-connect, and saml—each of which contains files that implement delegation for a specific SSO protocol. The following entries explain the role of each directory:

gip
This directory contains files that implement Genero's own identity provider, the Genero Identity Provider (GIP), for securing applications and RESTful web services. You must install and configure the GIP on a Genero Application Server before it can be used. For details, go to Genero Identity Provider (GIP).
openid-connect
This directory contains files that implement a delegation web service to support Identity Providers (IdPs) using the OpenID Connect/OAuth2 single sign-on protocol. The core protocol is OAuth2, while OpenID Connect is an identity protocol that utilizes the authorization and authentication mechanisms of OAuth 2.0. OpenID Connect is the latest evolution of the OpenID authentication technology used for web applications that handle many users. You must be registered with one of the trusted identity providers so that users can be authenticated with single sign-on for your web applications. If your IdP uses OpenID Connect/OAuth2 SSO, go to the OpenID Connect/OAuth2 SSO section.
saml
This directory contains files that implement a delegation web service to support Identity Providers (IdPs) using the Security Assertion Markup Language (SAML) single sign-on protocol. SAML is used for standard web applications that handle many users, and is intended for private or intranet web applications. You must be registered with one of the trusted identity providers so that users can be authenticated with single sign-on for your web applications. If your IdP uses SAML SSO, go to the SAML SSO section.