
To set up the environment described in Single Sign On for Rest Services using GAM, you need to follow some configuration steps in the two GAM Application clients and in the Identity Provider (IDP).

This article covers the client-side configuration.

For clarity, let's agree on some terms first.

  • "Client A" is an application that authenticates against an IDP and calls a Rest service of another application, "Client B".
  • The Identity Provider ("IDP") is an application that gives SSO Rest tokens to the applications that authenticate against it from "Client A".

 

Defining GAM Applications in the Server where the Rest Service is exposed

You have to configure a GAM Application for each application that you want to interact with "Client A" and "Client B".

For both "Client A" and "Client B", open the GAM Application, go to the "Configuration" panel and, in the "Remote Authentication" tab, set the Client ID and Client Secret of the Application that will be interacting with this client.


From the "SSO Rest" tab, do the following:

  1. Set Enable SSO Rest services to TRUE.
  2. Configure Mode SSO Rest to Client.
  3. Set "User Authentication Name in this server" to the Authentication Type that you want to impersonate in the application. It must be the name of an Authentication Type defined in this client. This is the type that is impersonated when the client sends an SSO Rest Token to the IDP to verify the validity of the token; the User is created in this GAM (and the GAM session is updated).
    For example, you can configure it to the name of the GAM Remote rest authentication that you'll be defining next (1).
  4. Set Server URL to the IDP's URL.


 

Defining GAM Applications in the Server where the Rest Service is consumed

For "Client A", open the GAM Application, go to the "Configuration" panel and, in the "Remote Authentication" tab, set the Client ID and Client Secret of the Application that will be interacting with this client.


From the "SSO Rest" tab, do the following:

  1. Set Enable SSO Rest services to TRUE.
  2. Configure Mode SSO Rest to Client.
  3. Set "User Authentication Name in this server" to the Authentication Type that you want to impersonate in the application. It must be the name of an Authentication Type defined in this client. This is the type that is impersonated when the client sends an SSO Rest Token to the IDP to verify the validity of the token; the User is created in this GAM (and the GAM session is updated).
    For example, you can configure it to the name of the GAM Remote rest authentication that you'll be defining next (1).
  4. Set Server URL to the IDP's URL.


 

See Also

Server-side configuration for SSO in Rest applications

Last update: February 2024