Firebase provides authentication options like backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more. Firebase Authentication integrates tightly with other Firebase services, and it leverages industry standards like OAuth 2.0 and OpenID Connect, so it can be easily integrated with a custom backend.
Below we demonstrate how to achieve Single Sign-On (SSO) into Firebase using one or more SAML 2.0 compliant Identity Providers (IdPs). We will be using the miniOrange cloud service to achieve this. We support all known IdPs like miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ etc.
STEP 1: Setup Identity Source in miniOrange
IdP Identifier | Unique identifier for the Identity Source. This identifier has to be sent from Firebase in the request to miniOrange. It is used to distinguish between different IdPs. |
IdP Display Name | Display name for the Identity Source. |
SAML SSO Login URL | SAML SSO Login URL. It maps to the SingleSignOnService element in the IdP metadata. |
IdP Entity ID | It maps to the EntityDescriptor element in the IdP metadata. Use the entityID value. |
X.509 Certificate | It maps to the signing certificate of the IDPSSODescriptor whose protocolSupportEnumeration is urn:oasis:names:tc:SAML:2.0:protocol. Use the value of the child element X509Certificate. |
STEP 2: Setting up miniOrange in Identity Provider
STEP 3: Setup Firebase app in miniOrange
Custom Application Name | Firebase |
Redirect-URL (required) | The URL of the endpoint (in your Firebase application) receiving the JWT Token. |
STEP 4: Send Request to miniOrange
<script src="/crypto-js/3.1.2/components/core-min.js"></script>
<script src="/components/sha256.js"></script>
<script src="/components/enc-base64.js"></script>
<script src="/rollups/aes.js"></script>
<script src="/components/mode-ecb.js"></script>
<script src="/components/pbkdf2.js"></script>
<script src="/components/pad-nopadding.js"></script>
<script>
// Values set in this script are readable by anyone who views the page source.
function sendRequest(idpName)
{
    var appSecret = ""; //miniOrange App Secret
    var tokenKey = ""; //miniOrange Token Key of Customer
    var customerId = ""; //miniOrange Customer ID
    var responseUrl = ""; //Response URL (configured in Step 2)
    var date = new Date();
    var currentTimestamp = date.getTime();
    // Token = Base64(AES-ECB(timestamp + ":" + appSecret)), keyed with the Token Key
    var inputString = currentTimestamp + ":" + appSecret;
    var keyHex = CryptoJS.enc.Utf8.parse(tokenKey);
    var cipherText = CryptoJS.enc.Base64.stringify(CryptoJS.AES.encrypt(inputString, keyHex, {mode:CryptoJS.mode.ECB}).ciphertext);
    // URL-encode the query values: Base64 output can contain '+', '/' and '='
    var redirectUrl = "https://login.xecurify.com/moas/broker/login/jwt/" + customerId + "/"
        + idpName + "?token=" + encodeURIComponent(cipherText)
        + "&returnUrl=" + encodeURIComponent(responseUrl);
    window.location = redirectUrl;
}
</script>
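The Step 4 script keeps the App Secret and Token Key in page JavaScript, where every visitor can read them. As an added example (not miniOrange's code), the same token and redirect URL can be built in Node.js on the server so that only the finished URL reaches the browser. The function names, the `cfg` object and the sample values are assumptions, and the AES key size is assumed to follow the Token Key length, as it does in CryptoJS when a raw key is passed.

```javascript
const crypto = require("crypto");

const BROKER_BASE = "https://login.xecurify.com/moas/broker/login/jwt/"; // from Step 4

// Pick AES-128/192/256 from the key length (assumption: mirrors CryptoJS raw-key behaviour).
function ecbAlgorithm(key) {
  const bits = key.length * 8;
  if (![128, 192, 256].includes(bits)) {
    throw new Error("token key must be 16, 24 or 32 bytes, got " + key.length);
  }
  return "aes-" + bits + "-ecb";
}

// Base64(AES-ECB with PKCS#7 padding over "<timestamp>:<appSecret>"), the Step 4 token format.
function buildToken(appSecret, tokenKey, nowMs = Date.now()) {
  const key = Buffer.from(tokenKey, "utf8");
  const cipher = crypto.createCipheriv(ecbAlgorithm(key), key, null);
  const plain = Buffer.from(nowMs + ":" + appSecret, "utf8");
  return Buffer.concat([cipher.update(plain), cipher.final()]).toString("base64");
}

// Inverse of buildToken, included only to check the round trip.
function openToken(token, tokenKey) {
  const key = Buffer.from(tokenKey, "utf8");
  const decipher = crypto.createDecipheriv(ecbAlgorithm(key), key, null);
  const raw = Buffer.from(token, "base64");
  return Buffer.concat([decipher.update(raw), decipher.final()]).toString("utf8");
}

// Build the broker URL; searchParams percent-encodes '+', '/' and '=' in the token.
function buildRedirectUrl(cfg, idpName, nowMs) {
  const path = encodeURIComponent(cfg.customerId) + "/" + encodeURIComponent(idpName);
  const url = new URL(path, BROKER_BASE);
  url.searchParams.set("token", buildToken(cfg.appSecret, cfg.tokenKey, nowMs));
  url.searchParams.set("returnUrl", cfg.responseUrl);
  return url.toString();
}

// Constructed sample values; real ones belong in server-side configuration.
const sampleCfg = {
  customerId: "12345",
  appSecret: "constructed-app-secret",
  tokenKey: "0123456789abcdef",
  responseUrl: "https://app.example.com/sso/callback",
};
console.log(buildRedirectUrl(sampleCfg, "okta"));
```

A server route would respond to the login click with an HTTP redirect to the returned URL, so the browser never receives the App Secret or the Token Key.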
STEP 5: Modify JWT Response
function modifyJwtResponse(token)
{
    //CONFIGURATION PARAMETERS
    var iss = ""; //Project's Service Account Email Address
    var sub = ""; //Project's Service Account Email Address
    var aud = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"; //Required audience value
    //Decode the payload segment (base64url -> base64 -> JSON)
    var base64Url = token.split('.')[1];
    var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
    var decodedToken = JSON.parse(window.atob(base64));
    //MODIFY JWT VALUES BELOW
    decodedToken['iss'] = iss;
    decodedToken['sub'] = sub;
    decodedToken['aud'] = aud;
    //Base64url Encode Token (JWT segments use '-' and '_' and carry no '=' padding)
    var encodedToken = btoa(JSON.stringify(decodedToken))
        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    //CREATE NEW JWT TOKEN
    //The signature segment (newToken[2]) is carried over unchanged; it was computed
    //over the original header and payload, so it does not cover the modified claims.
    var newToken = token.split('.');
    var newJwtToken = newToken[0] + "." + encodedToken + "." + newToken[2];
    return newJwtToken;
}
firebase.auth().signInWithCustomToken(token).catch(function(error)
{
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});