Single sign-on (SSO) overview
Single sign-on is user authentication that permits a user to log in once when accessing Genero applications and services delivered by a Genero Application Server (GAS).
Single sign-on is a common form of authentication that allows a user to enter one name and password to access one or more applications. To use SSO, a user must have a user account with the Identity Provider (IdP) providing access to your protected applications.
- It provides a better user experience. Users use their existing credentials to access many Genero web applications without having to re-enter their credentials each time.
- It provides you with the services of an IdP to manage registering and authenticating users. This service can be provided by a third-party IdP or Genero's own identity provider – the Genero Identity Provider (GIP).
SSO authenticates by delegation; therefore, two components must combine to provide SSO – a delegation service and an identity provider:
- Delegation service
The delegation service redirects the start of an application configured for SSO to the IdP that authenticates the user. The GAS has a delegation service running that acts as a proxy to the IdP, passing control to the IdP to perform authentication before granting access and starting the application or service. The delegation service manages the scope – permissions for access to resources – granted in tokens provided by the IdP. The delegation service is provided as part of the FGLGWS package. For details, go to The services directory.
For an illustration of how the SSO process works, go to the Single sign-on workflow page. For more details, read the How delegation works page in the Genero Application Server User Guide.
- Identity Provider (IdP)
The IdP is the entity in charge of managing and authenticating users. It handles the user login and grants access to web applications and services on behalf of an authenticated user, providing access tokens of various kinds but without providing the user's credentials to the application. For more information on using an IdP, go to Identity Provider (IdP).
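
The split of responsibilities described above, as an added Python model that is not Genero code or part of the GAS: the IdP checks the credentials and signs a token carrying the granted scope, and the delegation service verifies that token and its scope before starting the application. All function names, the key, the account and the HMAC-signed token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Everything here is constructed for illustration: names, key, account, scopes.
IDP_KEY = b"constructed-demo-key"   # a real IdP would sign with an asymmetric key
SALT = b"constructed-salt"

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": (_kdf("correct horse"), ["orders"])}  # held by the IdP only

def idp_login(user, password, now=None):
    """IdP side: check credentials, return a signed token carrying the granted scope."""
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored[0], _kdf(password)):
        return None
    exp = (time.time() if now is None else now) + 300
    body = base64.urlsafe_b64encode(
        json.dumps({"sub": user, "scope": stored[1], "exp": exp}).encode()).decode()
    return body + "." + hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()

def verify_token(token, now=None):
    """Delegation side: accept only an unexpired token with a valid IdP signature."""
    try:
        body, sig = token.rsplit(".", 1)
        good = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    current = time.time() if now is None else now
    return claims if claims["exp"] > current else None

def start_application(app, required_scope, token):
    """Delegation side: gate the application start on the token and its scope."""
    claims = verify_token(token)
    if claims is None:
        return ("redirect", "idp-login")      # no valid token: hand control to the IdP
    if required_scope not in claims["scope"]:
        return ("denied", required_scope)     # authenticated, but scope not granted
    return ("started", app(claims["sub"]))    # app receives the identity, never the password

def orders_app(user):
    return "orders for " + user
```

The application function only ever receives the authenticated user name; the password is seen by `idp_login` alone.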