Hello there!

Need Help? We are right here!
support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Single Sign-On (SSO) for Firebase Application

miniOrange provides Cloud and On-premise single sign-on (SSO) solutions for Firebase Application using Compliant Identity provider (IDP) with JWT protocol. This is done using JSON Web Token (JWT) tokens and it can be easily integrated with Firebase Application built in any framework or language.

Firebase Application

Firebase is the best platform for mobile application development which produces quality apps with features like app indexing, cloud messaging, remote configuration, hosting and In-app advertising. Firebase provides authentication options like backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more. Firebase Authentication integrates tightly with other Firebase services, and it leverages industry standards like JWT, OAuth 2.0 and OpenID Connect, so it can be easily integrated with custom backend.

We will be demonstrating below how we can achieve Single Sign-On(SSO) into Firebase using one or multiple SAML 2.0 compliant Identity Provider. We will be using miniOrange cloud service to achieve this. We support all known IDPs like miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ etc.


Features of Firebase



Firebase Authentication

Every application needs a secure and simplified login facility. Firebase authentication carry's out that responsibility with a simple sign-in process including mobile application.

Real-time Database

NoSQL has stored data synced in json format which helps in connecting every user in real time and user can access their data using web and mobile application using firebase.

App Indexing

Firebase allows mobile app developers with App Indexing which helps the mobile application gain higher ranks in Google Search and app marketplaces like Play Store.

In-app Advertising

Firebase framework allows user to opt for advertisements to display in the mobile apps. In-app advertising is an easy way to increase revenue via adds using mobile apps.

Hosting

Hosting is a simple process in Firebase web and mobile app development which lets you deploy a single page web application and a mobile app landing page with less efforts.

Cloud Messaging

Firebase also allows Cloud Messaging for mobile applications which is used to achieve real-time communication by easily sending a message to users.

Integrated Google Analytics

As Firebase is a Google supported API, it offers the user access to Google Analytics for mobile application. Firebase allows user to send mobile app data to BigQuery to analyse user experience, and user interactions, user behavior.

Remote Configuration for Apps

To avoid waiting for long procedures to get new data for your web and mobile applications, Firebase Remote Configuration provides an instant change in functionality of application without uploading the latest version.

Pre-requisites:

This solution can be achieved by following steps:

We can connect with any External IDP/Directory

miniOrange provides user authentication from external directories like Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc. It also provides user authentication with other IDPs like Shibboleth, PING, Okta, OneLogin, KeyCloak and many more.

miniorange as idp

miniOrange IDP
Shibboleth as an IDP

Shibboleth
ping as an idp

PING
directory services google as external directory

Google
directory services AD/LDAP as external directory

Microsoft AD
directory services google as external directory

Azure AD

directory services aws cognito as external directory

Okta
directory services aws cognito as external directory

AWS Cognito
directory services aws cognito as external directory

KeyCloak
directory services aws cognito as external directory

One Login
directory services aws cognito as external directory

Centrify

Can't find your IDP ? Contact us on idpsupport@xecurify.com. We'll help you set it up in no time.



Step 1: Setup Identity Source in miniOrange

The first step involves setting up the Identity Source in miniOrange. This step can be repeated for the number of IDP instances against which authentication needs to be done.

  • Login to miniOrange Admin Console.
  • Navigate to the Identity Providers tab.
  • Click on Add Identity Source button on the top right.
    • Firebase Application identity source

  • The following configuration settings need to be done:
    IdP Identifier Unique Identifier for the Identity Source. This unique identifier has to be sent from Firebase in request to miniOrange. This attribute is used to distinguish between different IDPs.
    IdP Display Name Display Name for the Identity Source.
    SAML SSO Login URL SAML SSO Login URL. It is mapped to the SingleSignOnService element in the metadata.
    IdP Entity ID It is mapped to the EntityDescriptor element in the metadata. The entityID value needs to be used.
    X.509 Certificate It is mapped to the signing certificate for the IDPSSODescriptor for the protocolSupportEnumeration as urn:oasis:names:tc:SAML:2.0:protocol. The value of the child element X509Certificate needs to be used.
  • Click on Save.
  • For detailed step by step guide click here.

Step 2: Configure miniOrange settings in your Identity Provider

  • Copy SAML ACS URL value as given in the screenshot above. This is the login URL for miniOrange.
  • Set Entity ID/Issuer as https://login.xecurify.com/moas

Step 3: Configure Firebase Application with miniOrange

  • Login to miniOrange Admin Console.
  • Go to Apps >> Manage Apps. Click on Add Application button.
    • Firebase Single Sign-On (SSO): add app

  • Select JWT App.
    • Firebase Single Sign-On (SSO): saml jwt app

  • Click on Firebase.
    • Firebase Single Sign-On (SSO): select firebase app

    Firebase Single Sign-On (SSO): add jwt app

  • In Add Apps tab enter the values and click on Save.
    Custom Application Name Choose appropriate name according to your choice.
    Description Add appropriate description according to your choice.
    Redirect-URL JWT Endpoint fetched from JWT in the previous step.
  • To configure App secret go to Edit against your configured app, Apps>>Select your app>>Edit
    • Firebase Single Sign-On (SSO): edit-jwt-app

    Firebase Single Sign-On (SSO): add app secret jwt

    App Secret The API Token fetched from Firebase dashboard
    Signature Algorithm Choose HS256
  • Click on Save.
  • Now, You can access Firebase Account Using IDP credentials through the Single-sign-on URL as shown in image above.

Step 4: Send Request to miniOrange

In miniOrange dashboard, you can add JWT application with steps below:

  • In order to send request to miniOrange, a custom token needs to be formed and sent from Firebase application. This will include the identifier (configured in Step 1) of Identity Provider (e.g.ADFS) against which authentication needs to be done.
  • For cryptographic purposes, use the CryptoJS library.
  • To get the Customer ID and Token Key, the following steps need to be performed:
      • 1) Navigate to the miniOrange Admin Console.
      2) Login with the miniOrange Account credentials.
      3) Navigate to the Settings.
      4) Note down the Customer ID and Token Key.

  • The below code accepts IdPName (String) as a parameter. This parameter is the same value as configured in Step 1 which is used to distinguish different IDPs.
  • For testing purpose, create a sample html file & call the following functions on document load.
  • NOTE: You need to replace the Token Key, Customer ID and Response URL for your miniOrange account and added application. Sample Javascript Code for Sending Request to miniOrange.
  • Add the following crypto JS files in your code:
    • 
<script src="/crypto-js/3.1.2/components/core-min.js"></script>
<script src="/components/sha256.js"></script>
<script src="/components/enc-base64.js"></script>
<script src="/rollups/aes.js"></script>
<script src="/components/mode-ecb.js"></script>
<script src="/components/pbkdf2.js"></script>
<script src="/components/pas-nopadding.js"></script>
<script>
function sendRequest(idpName) 
{ 	
  var appSecret = "";    //miniOrange App Secret 
  var tokenKey = "";     //miniOrange Token Key of Customer 
  var customerId = "";   //miniOrange Customer ID 
  var responseUrl = "";  //Response URL (configured in Step 2) 
  var date = new Date(); 
  var currentTimestamp = date.getTime(); 
  var inputString = currentTimestamp + ":" + appSecret;
  var keyHex = CryptoJS.enc.Utf8.parse(tokenKey);
  var cipherText = CryptoJS.enc.Base64.stringify(CryptoJS.AES.encrypt(inputString, keyHex, {mode:CryptoJS.mode.ECB}).ciphertext); 
    
  var redirectUrl = "https://login.xecurify.com/moas/broker/login/jwt/" + customerId + "/" + idpName + "?token=" + cipherText + "&returnUrl=" + responseUrl;
    
  window.location = redirectUrl;
}
</script>

Step 5: Modify JWT Response

  • At this point authentication with IDP should work but the user will not be logged into Firebase. When IDP sends a SUCCESS, miniOrange will send a JWT response to the Response URL(Firebase URL which will process the response). The Response URL needs to modify the JWT Response so that it is compatible with Firebase standards.
  • NOTE: You need to replace iss, sub and aud values based on your Firebase project.
  • Sample Javascript Code for modifying JWT Response :
    • 
function modifyJwtResponse(token)
{ 
  //CONFIGURATION PARAMETERS 
  var iss = "";        //Project's Service Account Email Address 
  var sub = "";        //Project's Service Account Email Address 
  var aud = "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"; //Required audience value
  var base64Url = token.split('.')[1]; 
  var base64 = base64Url.replace('-', '+').replace('_', '/'); 
  var decodedToken = JSON.parse(window.atob(base64));
  //MODIFY JWT VALUES BELOW 
  decodedToken['iss'] = iss; 
  decodedToken['sub'] = sub; 
  decodedToken['aud'] = aud; 
  //Base64 Encode Token 
  var encodedToken = btoa(JSON.stringify(decodedToken));
  //CREATE NEW JWT TOKEN 
  var newToken =  token.split('.'); 
  var newJwtToken = newToken[0] + "." + encodedToken + "." + newToken[2]; 
  return newJwtToken;
}

  • The new token can be used to authenticate the user in Firebase using the signInWithCustomToken() function.

    • 
				 
firebase.auth().signInWithCustomToken(token).catch(function(error)
{ 
	// Handle Errors here. 
	var errorCode = error.code; 
	var errorMessage = error.message; 
	// ... 
});


Why Our Customers choose miniOrange Secure Identity Solutions ?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 97178 45846 (India)    |       info@xecurify.com