
Authentication in Loopback Applications Against Bluemix


This article describes how to authenticate from LoopBack applications against the Single Sign On service in Bluemix so that you can leverage existing enterprise directories.


The Node.js API framework LoopBack supports third-party logins to authenticate users and to link accounts. 

Get the code from GitHub.

The Single Sign On service supports different identity providers. For example, enterprise customers typically use SAML. Customers who don't have a SAML identity provider can install an Identity Bridge on premises, which externalizes the SAML protocol to an LDAP version 3 compliant directory. In the sample below, I use a cloud directory with some test users, but the application code would be identical when using SAML.

LoopBack leverages passport to support third-party logins via the loopback-component-passport module. The sample on GitHub shows how to authenticate against Facebook, Google, and Twitter.

To authenticate against the Single Sign On service, you need to use the passport-idaas-openidconnect module. The tricky part is getting the configuration right, since the documentation is a little light. Here is the key part of the code. So that the credentials can be read from the Bluemix context, the provider is defined programmatically rather than in a static property file.

// ssoConfig holds the Single Sign On service entry read from the Bluemix context.
// passportConfigurator is the configurator from loopback-component-passport.
var options = {
  "provider": "ibm",
  "module": "passport-idaas-openidconnect",
  "strategy": "IDaaSOIDCStrategy",
  // Client credentials and endpoints come from the bound service, not from a file.
  "clientID": ssoConfig.credentials.clientId,
  "clientSecret": ssoConfig.credentials.secret,
  "authorizationURL": ssoConfig.credentials.authorizationEndpointUrl,
  "tokenURL": ssoConfig.credentials.tokenEndpointUrl,
  "scope": "openid",
  "response_type": "code",
  "callbackURL": "/auth/ibm/callback",
  "skipUserProfile": true,
  "issuer": ssoConfig.credentials.issuerIdentifier,
  "authScheme": "openid connect",
  "authPath": "/auth/ibm",
  "session": true,
  "failureFlash": true
};
// Register the provider under the name "ibm".
passportConfigurator.configureProvider("ibm", options);
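
The snippet above relies on an ssoConfig object read from the Bluemix context. The following is an added example, not code from the article or its GitHub sample, of one way to load those credentials and fail closed when a field is missing or an endpoint is not HTTPS. It assumes the context is the VCAP_SERVICES JSON string and that the service is bound under the label "SingleSignOn"; loadSsoCredentials and SAMPLE_VCAP are hypothetical names.

```javascript
// Added example, not from the article's repository.
// Assumption: the service is bound under the label "SingleSignOn".
const REQUIRED = ["clientId", "secret", "authorizationEndpointUrl",
  "tokenEndpointUrl", "issuerIdentifier"];

// Parse the Bluemix context and return the SSO credentials, failing closed.
// Error messages name the missing key only, never a credential value.
function loadSsoCredentials(vcapJson, label = "SingleSignOn") {
  let services;
  try {
    services = JSON.parse(vcapJson);
  } catch (e) {
    throw new Error("VCAP_SERVICES is missing or not valid JSON");
  }
  const bound = services && services[label];
  if (!Array.isArray(bound) || bound.length === 0) {
    throw new Error("no bound service with label " + label);
  }
  const creds = bound[0].credentials || {};
  for (const key of REQUIRED) {
    if (typeof creds[key] !== "string" || creds[key] === "") {
      throw new Error("SSO credential missing: " + key);
    }
  }
  // The authorization code and client secret travel to these endpoints.
  for (const key of ["authorizationEndpointUrl", "tokenEndpointUrl"]) {
    if (new URL(creds[key]).protocol !== "https:") {
      throw new Error(key + " must use https");
    }
  }
  return creds;
}

// Constructed sample of a Bluemix context; all values are placeholders.
const SAMPLE_VCAP = JSON.stringify({
  SingleSignOn: [{
    credentials: {
      clientId: "example-client-id",
      secret: "example-secret",
      authorizationEndpointUrl: "https://sso.example.com/authorize",
      tokenEndpointUrl: "https://sso.example.com/token",
      issuerIdentifier: "sso.example.com"
    }
  }]
});

// Same shape as the ssoConfig object used in the options above.
const ssoConfig = { credentials: loadSsoCredentials(SAMPLE_VCAP) };
```

In a deployed application the argument would be process.env.VCAP_SERVICES instead of the constructed sample.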

After this, you can log in as a user defined in the cloud directory. Check out the screenshots folder for more details.


Published at DZone with permission of Niklas Heidloff, DZone MVB. See the original article here.
