GAM External Web Services Authentication Type

Official Content
This documentation is valid for:

Using External Web Services Authentication Type there are two versions of the web services supported by GAM. The supported web services versions are 1.0 and 2.0. The version depends on the signature of the web service, that is, the data type of the "in" and "out" parameters it sends and receives. The web service can be generated with any tool, but it must meet some requirements, related to its soap message format.

This document explains how to give users the possibility to authenticate using GeneXus Access Manager external web services Authentication.

How to authenticate using GAM external web services authentication type

1. Define a new (Authentication Type) using GAM Web Backoffice.

It has to be "External Web Services Authentication" Type.


Figure 1. Java external web service


Figure 2. Csharp external web service.

As seen in figure 1 and 2, you have to specify the location of the web service, protocol, and all the necessary information to connect to the web service.

You need to specify the web service version (1.0 or 2.0)

The "Encryption Key" is useful in case of Genexus web services because the Encrypt64 function is used to encrypt the username and password when sent to the web service. You have to set the Encryption key used in the web service for decrypting the user and password received.

Note that the best way to protect the data is by using HTTPS.

2. Program "External Web Services Authentication" login in the Smart Devices application

The login External method of SDActions external object is used. In this case, the first parameter sent to the method must be "ExternalWebService".

Event 'ExternalLogin'

As since GeneXus 15, the syntax is as follows:

Event 'ExternalLogin'

3. Program "External Web Services Authentication" login in the web application

The following code is an example of executing the external login in web applications. In the case of web panels, the Login method of GAMRepository object is used. You need to define a variable of GAMLoginAdditionalParameters in order to specify the AuthenticationType, which is going to be used.

See the GAMExampleLogin web panel (which is part of the GAM Examples), where this code is used:

&AdditionalParameter.AuthenticationTypeName = &LogOnTo //&LogOnTo is a combo box where the user selects the authentication type he wants to use. 
                                                       //This is the name of the Authentication Type. Using the example shown in figure 1 it would be "Testws2.0".
&LoginOK = GAMRepository.Login(&UserName, &UserPassword, &AdditionalParameter, &Errors )//&Errors is collection of GAMError


Only one "External Web Service" Authentication Type can be defined for each GAM Repository.

LoginExternal method considerations

As since GeneXus 15 in SD applications, the Actions external object adds the LoginExternal method which supports the &AdditionalParameters parameter.

For previous versions, additional parameters cannot be passed to the web service, as the LoginExternal method of SDActions object does not allow this parameter.

See Also

GAM Custom Authentication Type
Managing Roles through external authentication programs
HowTo: Pass additional parameters to external authentication programs using GAM
¿Cómo autenticar desde mi aplicación GeneXus que utiliza el GAM contra los usuarios que están en un sitio de GXportal?



Cómo depurar errores cuando se usa Tipo de Autenticación por web services externos y el GAM