SSO 5.00 new features

A summary of new features and changes in functionality introduced with single sign-on 5.00.

Important:

This page covers only those new features introduced with the single sign-on version specified in the page title. Check prior new features pages if you migrate from an earlier version. Make sure to also read the upgrade guide corresponding to this Genero version.

Corresponding upgrade guide: SSO 5.00 upgrade guide.

Previous new features guide: SSO 4.01 new features.

Table 1. Single Sign-On (SSO) and delegation
| Overview | Reference |
|---|---|
| The --discover or -d option of ImportOAuth is added to support OpenID Connect. | See ImportOAuth |
| The --parameter or -m option of ImportOAuth is added to allow an extra parameter, like a domain for authentication, to be included in the request to the identity provider. | See ImportOAuth |
| The --show or -s option of ImportOAuth is added to show details for a specified identity provider stored in the database. | See ImportOAuth |
| Authorization scopes are renamed Authorization roles, and the GIP now provides them as "roles" instead of "scopes" in the ID token. | See Authorization scopes are renamed Authorization roles and Manage authorization roles |
| The OAUTH API has a new method called OAuthAPI.GetIdRoles() to explicitly retrieve authorization roles from ID tokens. | See New method GetIdRoles() for retrieving authorization roles |
| The Genero OpenIDConnect service of FGLGWS now decodes ID tokens containing roles instead of scopes, and creates a new environment variable called OIDC_ROLES containing the list of roles. | See OpenIDConnect service supports OIDC_ROLES and Retrieve roles and scopes |
| Starting at 5.00.02: The FGLGWS GeneroAccessService service has enhancements to how scopes are managed. The Genero Identity Provider can now secure a web service from scopes set in the configuration file (xcf). | See The GeneroAccessService supports scopes set in configuration file |
| Starting at 5.00.03: The ImportOAuth tool, which registers endpoints provided by an identity provider, has an update to its --show option to display an identity provider's registration endpoint. | See Using an identity provider's registration endpoint and ImportOAuth |
Note:

The new features listed in this topic are available in the latest versions of the FGLGWS and GAS. Contact your support channel for more details.