4. Update the Node.js starter application to use the Single Sign On service for external authentication

The application requires some additional Node.js modules to use the Single Sign On service.

  1. Open the package.json file in the application's top-level directory with a text editor and add the following lines to the dependencies section:

    "passport": "0.3.2",
    "cookie-parser" : "1.4.x",
    "express-session" : "1.x",
    "passport-idaas-openidconnect": "2.x"

    The package.json file should look something like this when complete:

    Next, you will add some code to the application to use the Single Sign On service to manage authentication access to specified routes in the application. See the section at the end of this lab for the full source code for reference.

  2. Open the app.js file in the application top level directory with a text editor and add the highlighted code just below the var express = require('express'); statement.
  3. After the var app = express(); statement, add code to create session handling services in express and configure the passport module to use it with this highlighted code.
  4. Add some logic to process the entries in the VCAP_SERVICES environment variable. When the SSO service is bound to the application, the service instance details, including the client ID, client secret, authorization URL, token URL, and issuer ID used in the OpenID Connect strategy for passport, are set in the VCAP_SERVICES variable. In addition to these entries, add the string that is used for the callback URL in the INTEGRATE tab.

    These entries will be used in a constructor for a new OpenID Connect strategy that will then be provided to passport. The code to be added is highlighted and immediately follows the previous code:

  5. For this sample application, define a route in Express that will be used to initiate authentication for a session. Then, define a function that can be added to any Express route to ensure that a web session accessing the route is authenticated.
  6. Define the authentication callback URL. This authentication callback function implementation reads the original request URL from the session and, if the authentication was successful, continues processing the original URL request. If the authentication was not successful, the user will be routed to a simple failure route.

  7. Add two routes to the application for user interaction. The first invokes the ensureAuthenticated() function to check whether the session is authenticated, and if not, this function authenticates the user and returns. When authenticated, the first route returns a simple message based on the unique ID that is provided to the Single Sign On service by the identity provider. The second route provides the message when an authentication fails.

  8. Optional: Add a route that will invoke a logout capability with code like this:
    This completes the changes to the app.js code.
  9. Save the changes in the editor and open the public/index.html file where you will make minor changes to the starter static HTML. Change the content in the <span class="blue"> element to something more inspiring and then add a simple form button as an additional table row.
  10. Save this file and then return to the command prompt window for the next section.
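
The following is an added example, not code from the original lab: a dependency-free version of the VCAP_SERVICES handling from step 4 and the route guard from steps 5 and 6, which fails closed when credentials are missing and only stores same-site paths for replay after the callback. The service label `SingleSignOn`, the credential key names, the strategy option names and the `/login` route are assumptions; compare them with the entry your bound service instance sets and with the passport-idaas-openidconnect documentation.

```javascript
// Added example: plain Node.js, no npm modules required.
// Assumed service label and credential key names; compare with the entry
// your bound SSO instance actually places in VCAP_SERVICES.
const REQUIRED = ['clientId', 'secret', 'authorizationEndpointUrl',
                  'tokenEndpointUrl', 'issuerIdentifier'];

// Step 4: read the SSO credentials and fail closed if anything is missing.
function loadSsoConfig(env, callbackUrl) {
  let services;
  try {
    services = JSON.parse(env.VCAP_SERVICES || '{}');
  } catch (e) {
    throw new Error('VCAP_SERVICES is not valid JSON');
  }
  const bound = services.SingleSignOn;
  if (!Array.isArray(bound) || !bound[0] || !bound[0].credentials) {
    throw new Error('No Single Sign On service is bound to the application');
  }
  const c = bound[0].credentials;
  const missing = REQUIRED.filter((k) => typeof c[k] !== 'string' || !c[k]);
  if (missing.length) throw new Error('SSO credentials missing: ' + missing.join(', '));
  // The authorization and token endpoints carry codes and secrets: require TLS.
  for (const k of ['authorizationEndpointUrl', 'tokenEndpointUrl']) {
    if (new URL(c[k]).protocol !== 'https:') throw new Error(k + ' must use https');
  }
  // Option names are assumed to match what the OpenID Connect strategy expects.
  return { clientID: c.clientId, clientSecret: c.secret,
           authorizationURL: c.authorizationEndpointUrl,
           tokenURL: c.tokenEndpointUrl, issuer: c.issuerIdentifier,
           callbackURL: callbackUrl, scope: 'openid', response_type: 'code' };
}

// Steps 5-6: only a same-site path may be replayed after the callback.
// Rejects absolute URLs, protocol-relative "//host" and "/\host" forms.
function safeReturnTo(url) {
  return typeof url === 'string' && /^\/(?![\/\\])/.test(url) ? url : '/';
}

// Step 5: route guard. '/login' is the hypothetical route that starts authentication.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) return next();
  req.session.originalUrl = safeReturnTo(req.originalUrl);
  res.redirect('/login');
}
```

The object returned by `loadSsoConfig(process.env, callbackUrl)` is intended as the options argument for the OpenID Connect strategy constructor described in step 4, and the callback in step 6 should pass the stored URL through `safeReturnTo()` again before redirecting.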