I am trying to implement SSO in my application. I searched a lot about SSO, and in the end what I concluded is to create a global session, authenticate the user, and then create a local session. I know how to create a local session but I don't know how to create a global session.
One of my applications is on Vue and the other is on Angular. The domains are like abc.com/vue for Vue and abc.com/angular.
So what I want is that if the user logs in to either one of them, then the user is automatically authenticated in the other application; that's what SSO means.
My problem is: how can I create a global session for both applications?
I used Express as my authentication server (Single Authentication Server).
Sorry if I wrote something weird.
In simple words, I want SSO in my application.
Related
My question is similar to this one, but my app is built on NodeJS.
I'm working on one POC.
I have a simple nodejs app on Heroku; it has one simple UI in HTML. Currently the URL of the app is accessible by all users. I want the URL to be accessible only by authenticated users; others shouldn't be able to access that URL.
My ultimate aim is to implement SSO for authentication.
I have some 30 different applications written in node js (expressjs). I am building a single login for all of them: if a user logs in to one app then he can access all other apps with one session. I am sharing the session secret across all apps for that.
The problem is that req.session is now shared with all apps; if any app stores anything in the session for local use by that app, it is also shared with all apps.
I want to resolve this problem with something like two sessions: one that can be shared with all apps and one for local use by that app.
Anyone have any idea please share.
Module used
express-session, cookie-parser, redis-store
[MODIFIED]
Local data also needs to be persistent, since a few apps have multiple instances.
First case is session flash data
Second case is user permission details
Thanks
I'm trying to create a self-hosted app. This app would provide a custom express server with some routes and also provides a CouchDB access using pouchdb-server. I would like the node server to be able to configure the database and create the admin username/password, and then create the roles functions. How can I configure CouchDB from my nodejs app?
I would like to:
Stop admin party and create an admin with a password. I found that the web client makes a PUT request to http://localhost:5984/_node/couchdb#localhost/_config/admins/<username> with password in payload, but I would like to do it using express-pouchdb, so HTTP is not possible
Create users roles: I would like to set up several roles
Set up permissions: which roles can update which databases, what databases are readable by who etc...
Please note that I can't do direct http requests to CouchDB, since I'm using pouch-db-express in my node app to serve the db to the client, and I would like my express app to configure the couchDB instance managed by pouchdb-express
Stop admin party and create an admin with a password
I'm pretty sure the only way to interact with the _config endpoint is with HTTP, as I see no config plugin on the plugins page. Even if there was a plugin, it would use HTTP. Is there some reason HTTP is actually not possible? Or you just don't want to use it?
Create users roles
The PouchDB authentication plugin can do this for you.
Set up permissions
The authentication plugin also gives you access to the _security endpoint for this. Then you'll also need to create the appropriate design documents, using the standard put() API.
I have one Node Bluemix application configured with the SSO Service and connected with a Cloud Directory. I can successfully authenticate the user but I'm having problems accomplishing a successful logout. I have tried req.session.destroy, req.logout, and the express-passport-logout module to end the session, but none of them worked. I also tried to remove cookies from my application but that didn't work either. The only way it works is by restarting the browser or clearing cookies from the browser. Does anybody know how to achieve an SSO logout from the application?
The last time I used the service this was not possible. The problem is: what you are doing with the listed commands is to close your application session, not the one on SSO service. So when the user comes back (with the same cookie) your application will ask SSO service to check and it will accept the user (since the session there is still open). Currently there is no API available to close the session on the SSO service instance.
Actually, this becomes more complex when you use an external IdP: even if you close the session at the SSO server, the browser will still have a session with the real IdP the user logged in from, which depending on the configuration of your service instance could be one or more of IBM, Facebook, Google, LinkedIn. Some of these IdPs provide long-lived sessions via persistent cookies and your application can't force the termination on their side. That means that on the next click of the "login" button, particularly in the case where the SSO service instance is configured to use only one IdP, SSO will happen seamlessly with no further interaction.
Take a look here to get more information.
As Umberto says, maybe it was not possible before, but now it seems to be:
Check this. You can redirect your user to this:
/idaas/mtfim/sps/idaas/logout
At least this seems to work if you only use Cloud Directory.
We have 3 nodejs web applications running on the same domain name on the same VPS with multiple subdomains, and we are implementing passport authentication for each. We want a single user to be able to access all applications with a single account, and for that we have added accounts.example.com as a fourth application solely for the purpose of account management. The requirement is: once the user is authenticated in accounts.example.com, how do we enable the user to access the other three web applications with that session?
You can share your session in redis-server. If you use Express, you can try connect-redis.
https://github.com/visionmedia/connect-redis
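An added example, not part of the original answers or of connect-redis: a minimal model of the shared store suggested above, split the way the earlier question on this page asks for, with one global record per login (identity only) and one namespaced local record per app. A `Map` stands in for the Redis server, and the key prefixes, function names and TTL are assumptions chosen for illustration; the session id is assumed to travel in a cookie that every app can read.

```javascript
// Web Crypto is global on current Node; older releases expose it via node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const store = new Map();              // stand-in for the shared Redis server (assumption)
const GLOBAL_TTL_MS = 30 * 60 * 1000; // constructed value

const globalKey = (sid) => `sso:${sid}`;
const localKey = (appId, sid) => `app:${appId}:${sid}`;

// Called only by the login/account app after it has verified credentials.
function createGlobalSession(userId, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const sid = Buffer.from(bytes).toString('hex'); // unguessable id for the shared cookie
  store.set(globalKey(sid), { userId, expires: now + GLOBAL_TTL_MS });
  return sid;
}

// Single logout: remove the global record and every app's local record.
function destroyGlobalSession(sid) {
  store.delete(globalKey(sid));
  for (const key of [...store.keys()]) {
    if (key.startsWith('app:') && key.endsWith(`:${sid}`)) store.delete(key);
  }
}

// Called by every app on each request with the sid from the shared cookie.
function loadSession(appId, sid, now = Date.now()) {
  const g = store.get(globalKey(sid));
  if (!g || g.expires <= now) {       // unknown or expired: treat as logged out
    destroyGlobalSession(sid);
    return null;
  }
  const local = store.get(localKey(appId, sid)) || {};
  // Identity is read-only for apps; only the login app writes the global record.
  return { user: Object.freeze({ userId: g.userId }), local };
}

// Each app persists only its own namespace (flash data, permissions, ...),
// so all instances of that app see it and no other app does.
function saveLocal(appId, sid, local) {
  if (!store.has(globalKey(sid))) throw new Error('no global session');
  store.set(localKey(appId, sid), local);
}

// Clearing one app's local data does not end the login anywhere.
function destroyLocal(appId, sid) {
  store.delete(localKey(appId, sid));
}
```

Deleting an app's local record leaves the login intact, while `destroyGlobalSession` is the single logout that every app observes on its next request.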
Try your hand at CanSecurity. It tops the chart for Node.js single sign-on. Hope this proves fruitful: https://github.com/deitch/cansecurity