Node.js Single Sign-On (SSO)


The Node.js JWT Single Sign-On (SSO) solution by miniOrange provides secure Single Sign-On access to a Node.js application using a single set of login credentials. It uses JSON Web Tokens (JWT) and can be easily integrated with Node.js applications built with any framework or language. You can enable social login so that your users get secure access to applications using any of their existing social providers such as Facebook, Twitter, Google, or LinkedIn.

With miniOrange Node.js SSO, you get:

  • Seamless user login experience.
  • Endless customizations to your login forms and pages.
  • Simplified customer or user on-boarding.


Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc.), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, Keycloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more.



Follow the step-by-step guide given below for Node.js Single Sign-On (SSO)

1. Configure Node.js in miniOrange

A. Add Node.js app in miniOrange:

In the miniOrange dashboard, you can add a JWT application with the steps below:

  • Log in to the miniOrange Admin Console.
  • Go to Apps and click the Add Application button.

  • Under Choose Application Type, click the Create App button for the JWT application type.

  • In the next step, search for Node.js application from the list. If your application is not found, search for External / JWT App and you can set up your Application.

  • Configure the name for Node.js and configure the Redirect-URL, which tells miniOrange where to send the JWT response.
  • The Redirect-URL should be an endpoint on Node.js where you want to achieve SSO: https://<Node.js-application-base-url>/auth/callback
  • If you are setting up SSO with mobile applications, your endpoint could be in the following format: myapps://auth/callback
  • Copy the Client ID of the generated application and keep it with you for the next steps.

B. Add SSO link in Node.js:

  • https://login.xecurify.com/moas/broker/login/jwt/<customer-id>?client_id=<client-id>&redirect_uri=<redirect-url>
  • You need to replace the following values in the URL:

    customer-id: Customer ID of your miniOrange account, which can be found under the Settings menu.
    client-id: Client ID of the JWT application created above (Step 3.a).
    redirect-url: Redirect URL configured for the JWT application.
  • To get the Customer ID:
  • Go to the Settings section, in the top right corner.
  • Copy the value shown against Customer Key.


C. Verify JWT token and parse user details for SSO:

  • On your callback endpoint, you can read and parse the JWT token.
  • Structure of a JSON Web Token (JWT): JSON Web Tokens consist of three parts separated by dots (.), e.g. xxxx.yyyyyyyyyyyy.zzzzzz, which are:
    • Header: Contains the signature algorithm name used to sign the payload.
    • Payload: Contains user attributes.
    • Signature: Signature value of the payload.
  • You will need to download a certificate: go to App > Manage Apps and click the Certificate link against your configured application. This certificate will be used for signature validation of the JWT response.

  • Verify JSON web token: Click here to verify your JSON token.
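As an added example (not miniOrange's code and not the mo-jwt-connector API), the following shows what signature validation of the three-part token involves, using only Node's built-in crypto module: the algorithm is pinned to RS256 rather than read from the header, and the signature is checked over header.payload. The key pair and tokens are constructed for the demo, and the presence of an exp claim in the token is an assumption.

```javascript
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Returns the payload only if the token is a well-formed RS256 JWT whose signature
// verifies against the given PEM (a public key or an X.509 certificate such as a .crt).
function verifyIdToken(token, pem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm: the token's own header must not choose "none" or HS256.
  const alg = decode(h).alg;
  if (alg !== "RS256") throw new Error("unexpected alg: " + alg);
  const ok = crypto.verify("RSA-SHA256", Buffer.from(h + "." + p),
    crypto.createPublicKey(pem), Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const payload = decode(p);
  // Assumption: the token carries a standard "exp" claim (RFC 7519).
  if (typeof payload.exp === "number" && payload.exp <= nowSec) throw new Error("token expired");
  return payload;
}

// Constructed test material: a throwaway key pair stands in for the identity provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const samplePem = publicKey.export({ type: "spki", format: "pem" });

function signSample(payload, header = { alg: "RS256", typ: "JWT" }) {
  const input = b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(payload));
  const sig = header.alg === "none" ? "" : b64url(crypto.sign("RSA-SHA256", Buffer.from(input), privateKey));
  return input + "." + sig;
}

// Returns the rejection reason, or null when the token is accepted.
function rejection(token) {
  try { verifyIdToken(token, samplePem, 1700000000); return null; }
  catch (e) { return e.message; }
}

const good = signSample({ email: "user@example.com", exp: 1700000600 });
const [gh, , gs] = good.split(".");
const tampered = [gh, b64url(JSON.stringify({ email: "admin@example.com", exp: 1700000600 })), gs].join(".");
console.log(rejection(good), rejection(tampered),
  rejection(signSample({ email: "x@example.com" }, { alg: "none" })),
  rejection(signSample({ email: "user@example.com", exp: 1699999999 })));
```

Only the payload returned by a successful verification should be used to establish the user's session.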

D. Perform SSO:

  • Once you have added the link above to Node.js, you can verify the Node.js SSO setup by clicking on that link.
  • On successful authentication, you will be redirected to the configured Redirect or Callback URL with the JWT token.

2. Configure miniOrange in Node.js Application

Copy the following sample code for setting up the Node.js application.


const fs = require("fs");
const express = require("express");
const MoJWT = require("mo-jwt-connector");

const app = express();

// This URL can be copied from the JWT app in the miniOrange dashboard
const miniOrangeSSOURL =
  "https://jsdemo.xecurify.com/moas/broker/login/jwt/258267?client_id=lXN6XGc1yoh8M6Gd&redirect_uri=http://localhost:3000/auth/callback";

// Start authentication request
app.get("/auth", (req, res, next) => {
  res.redirect(miniOrangeSSOURL);
});

// Authentication callback
app.get("/auth/callback", (req, res, next) => {
  var id_token = req.query.id_token;
  // Reject requests that arrive without a token string
  if (typeof id_token !== "string") {
    return res.status(400).send("Missing id_token");
  }
  var jwtBuilder = new MoJWT.JWTBuilder();
  console.log("Parts " + id_token.split(".").length);
  jwtBuilder.parseJwt(id_token); // Initialize the token using parseJwt
  jwtBuilder.setSecret(fs.readFileSync("./path/to/RSA256Cert.crt", "utf8")); // Set the certificate downloaded from the miniOrange dashboard
  var verified = jwtBuilder.verifyJwt(); // Verify the signed token
  // Stop here on failure so that unverified claims are never read or returned
  if (!verified) {
    return res.status(401).send("Error Occurred while verifying JWT Token");
  }
  var payload = jwtBuilder.getPayload(); // If the token is valid, use getPayload to read the data from the token
  var firstname = payload.first_name;
  var lastname = payload.last_name;
  var email = payload.email;
  // Send as plain text so that claim values are not interpreted as HTML
  res.type("text/plain").send(
    "Email : " + email + "\nFirstname : " + firstname + "\nLastname: " + lastname
  );
});

app.listen(3000); // Matches the port in the redirect_uri above


3. Test SSO Configuration

Test SSO login to your Node.js account with miniOrange IdP:

Using IDP Initiated Login

  • Log in to the miniOrange IdP using your credentials.

  • On the Dashboard, click the Node.js application you have added to verify the SSO configuration.



Not able to configure or test SSO?


Contact us or email us at idpsupport@xecurify.com and we'll help you set it up in no time.




4. Login Using Social Provider (Optional)

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc.), Identity Providers (like Okta, Shibboleth, Ping, OneLogin, Keycloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more. You can configure your existing directory/user store or add users in miniOrange.



