
IBM Bluemix Single Sign ON Integration

Steps for integrating SSO with an IBM Bluemix CF application:
SSO can only be configured if you have an admin role in the space you are working in.

1.Configure and create the SSO service in your space and organization
2.There are several ways to provide authentication to your service:
3.a. Choose from SAML, Twitter, Facebook and Cloud Directory authorization.
4.Configure a Cloud Directory and Add Users credentials and email id.
5.Now bind the service to your application, but do NOT restage it.
6.After the service is bound to your application, go to the application's connections and click the SSO service
icon.
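7.Now click Integrate and enter a Return-to-URL of the form application
name.mybluemix.net/sso/auth/callback
8.This return-to URL must be exactly the same as the callback URL that you set in your
application code. Note that the sample code below uses the path /auth/sso/callback, so make sure the path registered here and the path in the code are identical, segment for segment.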
9.The code needed to integrate a Node.js application with SSO follows:
10.a.Copy the following code and paste it after any other require statements in
your application.
11.var cookieParser = require('cookie-parser');
12.var session = require('express-session');
13.var passport = require('passport');
14.var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;
15.b. Add the following code to app.js
16.
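// Session plumbing that Passport needs for SSO: cookie parsing, a server-side
// session, then Passport itself.
app.use(cookieParser());

// The session secret signs the session-ID cookie, so it must not be a literal
// kept in source code. SESSION_SECRET is a variable name chosen for this
// example; set it to a long random value in the application's environment.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET is not set; refusing to start with a guessable session secret');
}

app.use(session({
  secret: sessionSecret,
  // Real booleans: the strings 'true' only worked because any non-empty string is truthy.
  resave: true,
  saveUninitialized: true,
  cookie: {
    // Keep the session cookie out of reach of page scripts.
    httpOnly: true,
    // 'lax' cookies are still sent on a top-level redirect back from the identity provider.
    sameSite: 'lax',
    // 'auto' marks the cookie Secure when Express sees the request as HTTPS.
    // Behind a TLS-terminating router this depends on the `trust proxy`
    // setting -- confirm for your deployment.
    secure: 'auto'
  }
}));
app.use(passport.initialize());
app.use(passport.session());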
22.//SSO code
// Passport session hooks. Both are pass-through: the complete user object is
// written into the session at login and handed back unchanged on each request.
// NOTE(review): the verify callback attaches the access and refresh tokens to
// that object, so they are kept in the session store -- confirm the store is
// server-side, and consider persisting only the fields the app needs.
passport.serializeUser(function (user, callback) {
  callback(null, user);
});

passport.deserializeUser(function (stored, callback) {
  callback(null, stored);
});
30.
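// Locate the Single Sign On service entry in VCAP_SERVICES, the JSON document
// read here from the process environment.
var services = JSON.parse(process.env.VCAP_SERVICES || "{}");
var ssoConfig = Array.isArray(services.SingleSignOn) ? services.SingleSignOn[0] : undefined;
if (!ssoConfig || !ssoConfig.credentials) {
  // Without this check a missing binding surfaces as an opaque TypeError on
  // `undefined[0]`; fail with a message that says what to fix instead.
  throw new Error('No SingleSignOn service credentials found in VCAP_SERVICES; bind the SSO service to this application');
}

// Client credentials and endpoints issued by the SSO service. The client
// secret is sensitive: do not log it or echo it in error output.
var client_id = ssoConfig.credentials.clientId;
var client_secret = ssoConfig.credentials.secret;
var authorization_url = ssoConfig.credentials.authorizationEndpointUrl;
var token_url = ssoConfig.credentials.tokenEndpointUrl;
var issuer_id = ssoConfig.credentials.issuerIdentifier;

// You MUST change the host to match your application name. This value has to
// match the return-to URL registered with the SSO service character for
// character, including the scheme and the path.
var callback_url = 'https://appname.mybluemix.net/auth/sso/callback';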
41.
// Options for the OpenID Connect strategy: endpoints, client credentials and
// issuer read from the bound SSO service, plus the callback URL set above.
var oidcOptions = {
  authorizationURL: authorization_url,
  tokenURL: token_url,
  clientID: client_id,
  scope: 'openid',
  response_type: 'code',
  clientSecret: client_secret,
  callbackURL: callback_url,
  skipUserProfile: true,
  issuer: issuer_id
};

// Verify callback: on the next tick, attach both tokens to the profile and
// report it to Passport as the logged-in user.
// NOTE(review): serializeUser stores this whole profile in the session, so the
// access and refresh tokens end up in the session store as well.
var Strategy = new OpenIDConnectStrategy(oidcOptions, function (access, refresh, userProfile, finish) {
  process.nextTick(function () {
    userProfile.accessToken = access;
    userProfile.refreshToken = refresh;
    finish(null, userProfile);
  });
});

passport.use(Strategy);

// /login hands the request to the 'openidconnect' strategy.
app.get('/login', passport.authenticate('openidconnect', {}));
62.
/**
 * Route guard: lets authenticated requests through and sends everyone else to
 * /login, remembering the URL they asked for in the session.
 *
 * @param {object} req - request; must expose isAuthenticated(), session and originalUrl
 * @param {object} res - response; used only for redirect()
 * @param {Function} next - continuation called for authenticated requests
 * @returns {*} whatever next() returns when authenticated, otherwise undefined
 */
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }

  // Not logged in: note where the user was headed, then start the login flow.
  req.session.originalUrl = req.originalUrl;
  res.redirect('/login');
}
71.
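// Callback route the identity provider redirects to after login. Passport
// completes the login, then the user is sent to the page they first asked for
// (the URL ensureAuthenticated saved in the session), or to /hello when there
// is none. The original read that saved URL but never used it.
app.get('/auth/sso/callback', function (req, res, next) {
  var requested = req.session.originalUrl;

  // Follow the remembered URL only when it is a path on this site. A value
  // beginning with "//" or "/\" can be read by a browser as another host, so
  // anything that is not a plain local path falls back to /hello.
  var isLocalPath = typeof requested === 'string' &&
    requested.charAt(0) === '/' &&
    requested.charAt(1) !== '/' &&
    requested.charAt(1) !== '\\';
  var redirect_url = isLocalPath ? requested : '/hello';

  passport.authenticate('openidconnect', {
    successRedirect: redirect_url,
    failureRedirect: '/failure'
  })(req, res, next);
});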
80.
81.
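// Protected page: ensureAuthenticated sends anonymous visitors to /login first.
app.get('/hello', ensureAuthenticated, function (req, res) {
  // req.user is the profile restored from the session. Send the greeting as
  // plain text so the id is never interpreted as HTML by the browser.
  // (The original listing also had a stray closing "});" after this route.)
  res.type('text/plain').send('Hello, ' + req.user['id'] + '!');
});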
85.
86.
87.
// Landing page for a failed login; the callback route uses it as failureRedirect.
app.get('/failure', function (request, response) {
  response.send('login failed');
});
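90.To the package.json dependencies add the following:
91. "passport": "0.3.2",
92. "cookie-parser" : "1.3.x",
93. "express-session" : "1.x",
94. "passport-idaas-openidconnect": "2.0.x"
These are the versions given in these instructions; check each package for newer releases and published advisories before deploying.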

For further explanation, refer to:

https://console.ng.bluemix.net/docs/services/SingleSignOn/sso_troubleshooting.html#task_configuringapp
