Authorize re-log in with SSO

Use this procedure to configure re-log in to a Genero application authenticated by SSO after an auto logout event.

The FGLGWS package provides a delegation web service for SSO OpenID Connect that supports the PROMPT (for auto logout) feature. In the example the PROMPT is set to use this delegation service:
<PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
  1. Add a DELEGATE element in your application configuration (xcf) file.

    This example shows the application configuration for delegation and the auto logout prompt feature.

    Within the DELEGATE element, the GOOGLE_OPENID_PUBLIC_ID and GOOGLE_OPENID_SECRET_ID are values got when registering your GAS on the IdP, such as the Google developer console.

    <?xml version="1.0" encoding="UTF-8"?>
    <APPLICATION Parent="defaultgwc" >
      <EXECUTION>
        <PATH>$(res.deployment.path)</PATH>
        <MODULE>MyApp.42r</MODULE>
        <DELEGATE service="services/OpenIDConnectServiceProvider">
           <IDP>https://accounts.google.com</IDP> 
           <SCOPE>email</SCOPE> 
           <CLIENT_PUBLIC_ID>GOOGLE_OPENID_PUBLIC_ID</CLIENT_PUBLIC_ID>
           <CLIENT_SECRET_ID>GOOGLE_OPENID_SECRET_ID</CLIENT_SECRET_ID>
        </DELEGATE>
      </EXECUTION>
      <AUTO_LOGOUT>
        <TIMEOUT>10</TIMEOUT>
        <PROMPT Timeout="60" Type="DELEGATE">services/OpenIDConnectServiceProvider</PROMPT>
      </AUTO_LOGOUT>
    </APPLICATION>
  2. Add a PROMPT element in the AUTO_LOGOUT element

    The delegation service represents the GAS's SSO OpenIDConnect Service, which the user-agent will be redirected to when the user wants to re-log in. The Timeout represents the number of seconds the user-agent displays a screen or page to notify the user that a re-log in is required if he wants to continue.

    Once the user is authenticated by the service, the user-agent is redirected back to the GAS to resume the application.