Authorize re-log in with SSO

Use this procedure to configure re-log in to a Genero application authenticated by SSO after an auto logout event.

The FGLGWS package provides a delegation web service for SSO OpenID Connect that supports the PROMPT (for auto logout) feature. In the example the PROMPT is set to use this delegation service:
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
  1. Add a DELEGATE element in your application configuration (xcf) file.

    This example shows the application configuration for delegation and the auto logout prompt feature.

    Within the DELEGATE element, the GOOGLE_OPENID_PUBLIC_ID and GOOGLE_OPENID_SECRET_ID are values got when registering your GAS on the IdP, such as the Google developer console. 

    <?xml version="1.0" encoding="UTF-8"?>
<APPLICATION Parent="defaultgwc" >
  <EXECUTION>
    <PATH>$(res.deployment.path)</PATH>
    <MODULE>MyApp.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
       <IDP>https://accounts.google.com</IDP> 
       <SCOPE>email</SCOPE> 
       <CLIENT_PUBLIC_ID>GOOGLE_OPENID_PUBLIC_ID</CLIENT_PUBLIC_ID>
       <CLIENT_SECRET_ID>GOOGLE_OPENID_SECRET_ID</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
  <AUTO_LOGOUT>
    <TIMEOUT>10</TIMEOUT>
    <PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
  </AUTO_LOGOUT>
</APPLICATION>
  2. Add a PROMPT element in the AUTO_LOGOUT element

    The delegation service represents the GAS's SSO OpenIDConnect Service, which the user-agent will be redirected to when the user wants to re-log in. The Timeout represents the number of seconds the user-agent displays a screen or page to notify the user that a re-log in is required if he wants to continue.

    Once the user is authenticated by the service, the user-agent is redirected back to the GAS to resume the application.