Configure application starting mode

Configure how the OpenIDConnect service handles the redirect back to the browser to start the app.

In a single sign-on (SSO) handshake, the Genero OpenIDConnect service redirects the client to the Identity Provider (IdP) for authentication.

Once the SSO handshake is done and the OpenID Connect service has granted access, the Genero web service redirects the browser to start the initial Genero application by setting a cookie or a "gnonce" (genero number once) value.

The preferred method is to set the entry to "gnonce" rather than "cookie". When apps are started in browser tabs in quick succession, cookies may get mixed up and applications may fail to start. Set the entry to "gnonce" to avoid this known issue, as the once-off number generated ensures the identity of the client.

If you want to change the default application starting mode configuration, set the oidc.app.start.mode entry in the OpenIDConnect service configuration.

  1. Open the configuration file $FGLDIR/web_utilities/services/openid-connect/res/configuration.
  2. Locate the entry oidc.app.start.mode
  3. Do one of the following:
    • Set oidc.app.start.mode = "gnonce".

      gnonce is the default option.

      The SSO authentication service uses the gnonce sent by the client to establish identity.

    • Set oidc.app.start.mode = "cookie".

      The SSO authentication service uses a cookie sent by the client to verify the identity of the client before starting the app.