b. Understand how to configure external authentication for IBM Bluemix PaaS web applications with the Single Sign On service (SSO)
1. SSO requires the application to use an OpenID Connect client interface
IBM Single Sign On for Bluemix is an authentication service that provides an easy to embed single sign on capability for web applications. The service may be bound to multiple Bluemix applications to provide a common authentication service. Applications call the SSO service through an OpenID Connect compatible client implementation.
2. Applications using SSO can support Cloud directories, Social Media sites and Enterprise directory as identity sources
The SSO service acts as an authentication broker for multiple identity sources. Identity Sources are collections of users, each collection is identified as a realm. The supported identity services are the following:
Cloud Directory: this is a basic LDAP in the cloud that can be populated with simple username/password authentication credentials and a few other user attributes.
Social providers: currently supporting Facebook, LinkedIn, and Google. These very commonly used identity providers allow your application to authenticate users and obtain identity information including an email address.
Enterprise directory identity repositories: this integration uses SAML post single sign on. The on-premise website authenticates users (acting as the identity provider) and then uses SAML to securely transmit that identity information to the SSO Service instance, which is acts in the role of a SAML service provider. A virtual appliance is available to implement an authentication portal to an LDAP server if one is not already configured in the enterprise.
3. Integration requires the implementation of an authentication callback
When adding the SSO service to an application, only a few steps are required. At a high level, the developer performs the following actions:
Add the Single Sign On service to the dashboard
Select the identity source(s) to configure
Configure settings for identity source
Bind SSO service to application and access integrate tab to download Node.js module ( if using Node.js )
Insert integration code into application (implementing callback method URL)
o Node.js and Java samples provided, others use an OpenID Connect compatible client library
Provide authentication callback URL and specify one or more configured identity sources for the application to use through the service integrate tab
Reference: https://www.ng.bluemix.net/docs/services/SingleSignOn/index.html
1. SSO requires the application to use an OpenID Connect client interface
IBM Single Sign On for Bluemix is an authentication service that provides an easy to embed single sign on capability for web applications. The service may be bound to multiple Bluemix applications to provide a common authentication service. Applications call the SSO service through an OpenID Connect compatible client implementation.
The SSO service acts as an authentication broker for multiple identity sources. Identity Sources are collections of users, each collection is identified as a realm. The supported identity services are the following:
Cloud Directory: this is a basic LDAP in the cloud that can be populated with simple username/password authentication credentials and a few other user attributes.
Social providers: currently supporting Facebook, LinkedIn, and Google. These very commonly used identity providers allow your application to authenticate users and obtain identity information including an email address.
Enterprise directory identity repositories: this integration uses SAML post single sign on. The on-premise website authenticates users (acting as the identity provider) and then uses SAML to securely transmit that identity information to the SSO Service instance, which is acts in the role of a SAML service provider. A virtual appliance is available to implement an authentication portal to an LDAP server if one is not already configured in the enterprise.
3. Integration requires the implementation of an authentication callback
When adding the SSO service to an application, only a few steps are required. At a high level, the developer performs the following actions:
Add the Single Sign On service to the dashboard
Select the identity source(s) to configure
Configure settings for identity source
Bind SSO service to application and access integrate tab to download Node.js module ( if using Node.js )
Insert integration code into application (implementing callback method URL)
o Node.js and Java samples provided, others use an OpenID Connect compatible client library
Provide authentication callback URL and specify one or more configured identity sources for the application to use through the service integrate tab
Reference: https://www.ng.bluemix.net/docs/services/SingleSignOn/index.html
0 comments:
Post a Comment