The Single Sign On service supports different identity providers. For example, enterprise customers typically use SAML. If customers don’t have a SAML identity provider, they can install an Identity Bridge on premises, which externalizes the SAML protocol to an LDAP version 3 compliant directory. In the sample below, I use a cloud directory with only one test user, but the application code would be identical when using SAML.
In the Node.js application, passport and passport-idaas-openidconnect are used; passport-idaas-openidconnect is a passport authentication strategy for the IBM Bluemix Single Sign On service. Check out authentication.js for details.
The sample code relies on cookies which are sent with the client requests and validated on the server. For cloud-native applications, the validation needs to work when multiple instances of the application are running: a session created by one instance must be recognized by every other instance, so the session state cannot live in a single instance's memory and all instances must share the same session secret and session store. My colleague, Tim Robinson, documented in the article Scale single sign-on for your Node.js cloud apps how to do this by leveraging Redis. My sample is very similar but uses Mongo instead of Redis.
Follow the instructions in the README to set up the sample application. Since, as a developer, I prefer to develop locally, I also documented how to configure the local development environment. After everything is set up correctly, you’ll be able to log on and access the user information in the server-side code.