
Authentication in Loopback Applications Against Bluemix

This article describes how to authenticate from LoopBack applications against the Single Sign On service in Bluemix so that you can leverage existing enterprise directories.


The Node.js API framework LoopBack supports third-party logins to authenticate users and to link accounts. 

Get the code from GitHub.

The Single Sign On service supports different identity providers. For example, enterprise customers typically use SAML. If customers don’t have a SAML identity provider, they can install an Identity Bridge on premises, which externalizes the SAML protocol to an LDAP version 3 compliant directory. In the sample below, I use a cloud directory with some test users, but the application code would be identical when using SAML.

LoopBack leverages passport to support third-party logins via the loopback-component-passport module. The sample on GitHub shows how to authenticate against Facebook, Google, and Twitter.

To authenticate against the Single Sign On service, you need to use the passport-idaas-openidconnect module. The tricky part is getting the configuration right, since the documentation is a little light. Here is the key part of the code. To read the credentials from the Bluemix context, the provider is defined programmatically rather than in a static property file.

// ssoConfig holds the Single Sign On service entry read from the Bluemix context.
var options = {
 "provider": "ibm",
 "module": "passport-idaas-openidconnect",
 "strategy": "IDaaSOIDCStrategy",
 "clientID": ssoConfig.credentials.clientId,
 "clientSecret": ssoConfig.credentials.secret,
 "authorizationURL": ssoConfig.credentials.authorizationEndpointUrl,
 "tokenURL": ssoConfig.credentials.tokenEndpointUrl,
 "scope": "openid",
 "response_type": "code",
 "callbackURL": "/auth/ibm/callback",
 "skipUserProfile": true,
 "issuer": ssoConfig.credentials.issuerIdentifier,
 "authScheme": "openid connect",
 "authPath": "/auth/ibm",
 "session": true,
 "failureFlash": true
};
// Register the provider programmatically instead of through a static property file.
passportConfigurator.configureProvider("ibm", options);

After this, you can log in as a user defined in the cloud directory. Check out the screenshots folder for more details.
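
One way to do the programmatic step above, as an added example that is not from the original article or its GitHub sample: it looks up the Single Sign On credentials in the bound-service JSON and refuses to build the provider options if a field is missing or an endpoint is not HTTPS. It assumes the Bluemix context is the Cloud Foundry VCAP_SERVICES environment variable; the function names, the sample service label and the sample values are made up for illustration.

```javascript
// Added example; credential field names are the ones used in the options above.
const REQUIRED = ["clientId", "secret", "authorizationEndpointUrl",
  "tokenEndpointUrl", "issuerIdentifier"];

// Constructed sample of a VCAP_SERVICES value (service label and values are made up).
const SAMPLE_VCAP = JSON.stringify({
  "example-sso": [{ name: "sso-1", credentials: {
    clientId: "abc", secret: "s3cr3t", issuerIdentifier: "idp.example.test",
    authorizationEndpointUrl: "https://idp.example.test/authorize",
    tokenEndpointUrl: "https://idp.example.test/token" } }]
});

// Return the bound service instance whose credentials carry every SSO field.
function findSsoConfig(vcapJson) {
  if (!vcapJson) throw new Error("VCAP_SERVICES is not set");
  for (const instances of Object.values(JSON.parse(vcapJson) || {})) {
    for (const inst of Array.isArray(instances) ? instances : []) {
      const c = (inst && inst.credentials) || {};
      if (REQUIRED.every((k) => typeof c[k] === "string" && c[k] !== "")) return inst;
    }
  }
  throw new Error("no bound service carries Single Sign On credentials");
}

// The authorization code and client secret travel to these endpoints: https only.
function requireHttps(name, value) {
  let url;
  try { url = new URL(value); } catch (e) { throw new Error(name + " is not a URL"); }
  if (url.protocol !== "https:") throw new Error(name + " must use https");
  return value;
}

// Build the provider options from the environment, failing closed on bad input.
function buildSsoOptions(vcapJson) {
  const c = findSsoConfig(vcapJson).credentials;
  return {
    provider: "ibm", module: "passport-idaas-openidconnect",
    strategy: "IDaaSOIDCStrategy", authScheme: "openid connect",
    clientID: c.clientId, clientSecret: c.secret, issuer: c.issuerIdentifier,
    authorizationURL: requireHttps("authorizationEndpointUrl", c.authorizationEndpointUrl),
    tokenURL: requireHttps("tokenEndpointUrl", c.tokenEndpointUrl),
    scope: "openid", response_type: "code", skipUserProfile: true,
    callbackURL: "/auth/ibm/callback", authPath: "/auth/ibm",
    session: true, failureFlash: true
  };
}

// In the app: passportConfigurator.configureProvider("ibm", buildSsoOptions(process.env.VCAP_SERVICES));
```

Failing at startup when the binding is missing or malformed keeps the client secret out of a half-configured login flow.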





Published at DZone with permission of Niklas Heidloff, DZone MVB. See the original article here.
