
The following is a graphic view of the execution flow of SSO when using GeneXus Access Manager (GAM).

The system components are client applications and an Identity Provider (server) application. All of them have the Enable Integrated Security property set to True and are configured as described in Single Sign On in applications using GAM.

  1. A request to a private object is issued to the client. 
  2. The client application checks if there is a valid session against the local GAM database.
  3. If there isn't a valid session, a redirect to the Identity Provider is issued.
  4. The Identity Provider checks if there is a valid session in the GAM database.
  5. If there isn't a valid session, the user is redirected to the GAMRemoteLogin object to enter credentials there.
  6. Technically, the Identity Provider sends information to the client, and the client responds with a POST to ask for the Access Token of the session. With that Access Token, the client asks the Identity Provider for the user information. The session is stored locally on the client.
  7. Return authenticated.


While the session is valid on the client, the client responds to the request immediately.


If the user asks for a private object running on another client application (within the same browser instance), the flow is as follows:

  1. Request to private object.
  2. Check if there is a valid session in the local GAM of the client.
  3. If there isn't a valid session, redirect to the Identity Provider.
  4. The Identity Provider checks if there is a valid session on GAM.
  5. If there is a valid session, it redirects to the client application sending a response. Technically, the client validates the response and executes an HTTP POST asking for the Access Token of the session. Given that Access Token, the client asks the Identity Provider to send the user information. The session is stored locally on the client.
  6. Return authenticated.
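
The two flows above, modeled in memory as an added example (this is not GeneXus or GAM code). All class and method names are hypothetical, and the "information" the Identity Provider sends to the client is assumed to be a single-use code bound to the requesting client, which the page does not specify.

```python
import secrets

class IdentityProvider:
    """In-memory stand-in for the Identity Provider (hypothetical, not GAM's API)."""
    def __init__(self, users):
        self.users = users        # constructed sample store: user name -> password
        self.sessions = {}        # browser id -> user name (session at the IdP)
        self.codes = {}           # single-use code -> (client id, user name)
        self.tokens = {}          # access token -> user name
        self.login_prompts = 0    # how many times credentials were requested

    def authorize(self, browser, client_id, credentials=None):
        user = self.sessions.get(browser)          # IdP checks for a valid session
        if user is None:                           # none: the user must log in
            self.login_prompts += 1
            name, password = credentials or ("", "")
            expected = self.users.get(name)
            if expected is None or not secrets.compare_digest(expected, password):
                raise PermissionError("login failed")
            user = self.sessions[browser] = name
        code = secrets.token_urlsafe(16)           # assumed form of the IdP response
        self.codes[code] = (client_id, user)
        return code

    def token(self, client_id, code):
        # The client's POST: the code is consumed on first use, whoever presents it,
        # and is only honoured for the client it was issued to.
        issued_to, user = self.codes.pop(code, (None, None))
        if issued_to != client_id:
            raise PermissionError("invalid or replayed response")
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = user
        return tok

    def userinfo(self, tok):
        return {"user": self.tokens[tok]}

class Client:
    """A client application with its own local session store."""
    def __init__(self, client_id, idp):
        self.client_id, self.idp, self.sessions = client_id, idp, {}

    def request_private(self, browser, credentials=None):
        if browser not in self.sessions:           # no valid local session: go to IdP
            code = self.idp.authorize(browser, self.client_id, credentials)
            tok = self.idp.token(self.client_id, code)
            self.sessions[browser] = self.idp.userinfo(tok)["user"]
        return f"private object for {self.sessions[browser]}"
```

The counter `login_prompts` makes the single sign-on property observable: it increases only when the Identity Provider has no session for that browser, regardless of how many clients are visited.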


For details, see Behind the scenes of GAM SSO implementation.

See Also

GAM - GAMRemote Authentication Type

Last update: February 2024