 

How to do single sign-on with NodeJS? [closed]

I've got multiple web apps running across multiple domains. I want to implement Single Sign-On, so that a user signs in once to access all apps.

How should I implement this? All apps use NodeJS backend.

General pointers in the right direction are welcome.

danday74 asked Apr 26 '17 10:04



2 Answers

As your apps are running on different domains, there is no way to share cookies between those apps on the client machine to validate the user. So somehow the information needs to be shared on the server end.

The simplest solution that comes to my mind is:

  1. Have a shared session for all servers.

  2. Have a specific authentication domain and redirect users there whenever authentication is needed. Authenticate the user there and set a session cookie or token, whatever you want.

  3. Whenever any app of yours needs authentication, redirect it to the authentication domain. The authentication cookie will be served to the authentication domain as well as the referrer domain. On seeing that you are already validated, the authentication server can redirect you to the original app with a proper sessionID, which will be set as a cookie for that domain.

  4. If not authenticated, the user will be asked to authenticate on the authentication server and then the redirection will happen.

  5. With small changes, you can achieve this using tokens and without the need for shared sessions.

Validate the states properly before implementing it. More states in your mechanism mean more chances of bugs and possible attacks.

Consider moving your apps to the same sub-domain. If the authentication mechanism is the same, then everyone knows that all apps belong to the same company. It will also be easier for people to remember various sub-domains on the same domain rather than remembering all the different domains.

Krrish Raj answered Oct 04 '22 18:10


The most used project is http://passportjs.org/. That is pretty much the only one I use; it has great connectors to on-premise solutions like ADFS and third-party ones like Google and Facebook.

Peter Grainger answered Oct 04 '22 18:10