Home
This wiki introduces a few walkthroughs that show you how to get the Node.js sample code up and running with the SAML-P or WS-Federation protocols, and how to access the Graph API through OAuth 2.0.
The libraries, which let you access Windows Azure Active Directory and enable the solutions, are included in standard NPM packages. The demonstration apps are very minimal and provide just enough to get you started using the APIs that are shipped with the product. If you need additional documentation about the APIs, click here.
Start with either the WS-Federation or SAML-P walkthrough, and then try the Graph API walkthrough, which builds on the other two. By the end of these walkthroughs, you should be able to build a running HTTP server with the following features:
- WebSSO using WS-Federation or SAML-P
- Graph API query capability using OAuth 2.0
To connect to other Node.js applications in the wild, we recommend using the SAML-P protocol, because it's emerging as the standard for Internet authentication and authorization flows. If you are building an LOB (Line of Business) app or interoperating with other Windows environments, WS-Federation might be a better choice for you.
Passport is authentication middleware for Node.js. Extremely flexible and modular, Passport can be unobtrusively dropped into any Express-based web application. A comprehensive set of strategies supports authentication using a username and password, Facebook, Twitter, and more. We have developed a strategy for Windows Azure Active Directory. If you use Passport.js for your authentication and authorization platform, adding Windows Azure Active Directory to your web application is easy. We will install this module and then add the Windows Azure Active Directory strategy plug-in.
In this walkthrough we follow the convention set out in the existing Passport.js documentation: after authentication, the token information from the cookie is stored in memory, and each additional page load is served using data from this object. Azure recommends deploying your application onto multiple instances, so storing just the user email address in the cookie means load balancing won't work. We recommend that you either serialize the token information provided in the cookie at each call to the web server, or store the data in a shared datastore that multiple instances can access, ensuring that calls to multiple instances of Node.js will work.
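The following added example (not code from the walkthroughs or from Passport itself) shows why per-instance memory breaks behind a load balancer and how a shared store fixes it. The callbacks have the `(value, done)` shape that Passport's `serializeUser` and `deserializeUser` hooks expect; `makeInstance`, `loginThenRequest`, the `Map`-backed stores, and the sample user are hypothetical stand-ins.

```javascript
// One "web server instance". The store argument is where user profiles live.
function makeInstance(store) {
  return {
    // After login: persist the profile, keep only a lookup key in the session cookie.
    serializeUser(user, done) {
      store.set(user.email, { email: user.email, displayName: user.displayName });
      done(null, user.email);
    },
    // On every later request: resolve the cookie key back to a profile.
    deserializeUser(email, done) {
      const user = store.get(email);
      // Passing false tells Passport the session has no valid user.
      done(null, user || false);
    },
  };
}

// Simulate a login handled by one instance and a follow-up request
// that the load balancer routes to another instance.
function loginThenRequest(loginInstance, requestInstance, user) {
  let cookieKey;
  let resolved;
  loginInstance.serializeUser(user, (err, key) => { cookieKey = key; });
  requestInstance.deserializeUser(cookieKey, (err, u) => { resolved = u; });
  return resolved;
}

function demo() {
  const user = { email: 'alice@contoso.example', displayName: 'Alice' }; // constructed sample

  // Per-instance memory: each instance owns a private Map.
  const a = makeInstance(new Map());
  const b = makeInstance(new Map());

  // Shared store: one Map standing in for an external datastore (assumption).
  const shared = new Map();
  const c = makeInstance(shared);
  const d = makeInstance(shared);

  return {
    sameInstance: loginThenRequest(a, a, user),        // profile found
    otherInstanceLocal: loginThenRequest(a, b, user),  // false: b never saw the login
    otherInstanceShared: loginThenRequest(c, d, user), // profile found via shared store
  };
}

console.log(demo());
```

In a real deployment the shared `Map` would be replaced by a datastore that every instance can reach, and the two callbacks would be registered with `passport.serializeUser` and `passport.deserializeUser`.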
### Use WS-Federation to Implement Windows Azure AD WebSSO in Passport.js
### Use SAML-P to Implement Windows Azure AD WebSSO in Passport.js
### Query Windows Azure AD Graph API with OAuth2
We would like to acknowledge the folks who own/contribute to the following projects for their support of Windows Azure Active Directory and their libraries that were used to build this sample. In places where we forked these libraries to add additional functionality, we ensured that the chain of forking remains intact so you can navigate back to the original package. Working with such great partners in the open source community clearly illustrates what open collaboration can accomplish. Thank you!
- Auth0's WS-Federation and SAML parsing library
- Auth0's Graph API JavaScript library
- Auth0's SAML-P Library