IBM® Bluemix™ is a Platform as a Service (PaaS) cloud offering from IBM®. It enables organizations and developers to quickly and easily create, deploy, and manage applications on the cloud.
IBM Single Sign On is a policy-based authentication service that provides an easy-to-embed single sign-on capability for Node.js or Java applications.
Single Sign On supports several identity sources where users' credentials are stored:
- SAML Enterprise: A user registry in which an exchange of SAML tokens completes the authentication.
- Cloud Directory: A user registry that is hosted in the IBM Cloud.
- Social Identity Sources: The user registries that are maintained by Google, Facebook and LinkedIn.
This blog will help you add a social identity source from Facebook for Single Sign On (SSO) for a Bluemix app.
Prerequisites:
- IBM Bluemix Account – Take a 30-day free trial here http://ibm.biz/bluemixapp
- Eclipse IDE for Java EE developers
- Cloud Foundry command line interface
- Facebook Account
So, let’s begin with configuring identity sources:
Step 1: From Bluemix CATALOG, Select Single Sign On Security service
Step 2: Insert a Service Name and then click on CREATE
Step 3: Provide a name to the service. This name will be part of the service URL and Click on Continue
Step 4: Click FACEBOOK to add identity source.
Step 5: After changing the name (optional), click on “Click here”, which will redirect you to the Facebook for Developers page.
Step 6: Click on My Apps and then click on Add a New App
Step 7: Click on Website
Step 8: Enter App Name and then Click on Create New Facebook App ID
Step 9: Choose a Category and then click on Create APP ID
Step 10: You can now see your App listed on My Apps section. Click on TweetAuth which will take you to Dashboard of the App
Step 11: In the Dashboard, Copy APP ID and APP Secret
Step 12: Go back to Bluemix Dashboard and then Paste the APP ID and APP Secret. Copy the OAuth Redirect URI and then Click on SAVE
Step 13: In the Facebook for Developers page, under SETTINGS > Basic, enter your Contact Email and Website URL and click on SAVE CHANGES
Step 14: In the Facebook for Developers page, under SETTINGS > ADVANCED, toggle Client OAuth Login from NO to YES, paste the OAuth Redirect URI in the textbox and then click on SAVE CHANGES
Step 15: Go back to the Bluemix DASHBOARD, where you will now find a VERIFY button. Click on it and verify access to Facebook by clicking on “Click here”
Step 16: Awesome! It’s working!!
Step 17: You can now see your identity source app in the list
The next step is to configure the app by creating an app:
Configuring a Liberty for Java app with SSO:
- For Liberty for Java Applications, the Single Sign On service leverages the OpenID Connect (OIDC) client feature from Liberty and the Bluemix Liberty buildpack. As a result, Java applications running on Bluemix do not need to include any code to support the OpenID Connect protocol or Single Sign On.
However, you must enable security constraints. To enable them, you can use declarative J2EE security to secure the application and all protocol support is completely “built-in.”
After you bind the app to an instance of the single sign-on service, the Bluemix buildpack detects that the application is bound and automatically configures the OIDC client in the Liberty runtime server.xml to enable the application for the service. The configuration is done when you deploy the application in Bluemix using either the cf push command or using the restaging process in the Bluemix dashboard.
To complete the configuration of the application, you must add security constraints. You can add the constraints in the same manner as you would for traditional J2EE applications using EAR/WAR binding files to declare roles and protected resources.
The following example illustrates security constraint configuration for a Java application that uses the web.xml and the Liberty server.xml files.
- Create a HelloWorld servlet in the com package, with twitter as the Java application name.
- Open the web.xml file in a text editor.
- Set security constraints. Use the following as an example.
<servlet>
    <servlet-name>HelloServlet</servlet-name>
    <servlet-class>com.HelloWorld</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>HelloServlet</servlet-name>
    <url-pattern>/hello/*</url-pattern>
</servlet-mapping>
<security-constraint>
    <display-name></display-name>
    <web-resource-collection>
        <web-resource-name>HelloServlet</web-resource-name>
        <url-pattern>/</url-pattern>
        <url-pattern>/*</url-pattern>
        <!-- Listing http-method elements limits the constraint to those methods;
             a method not listed here (for example PATCH) is not covered by it.
             Omit the http-method elements to cover every method. -->
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>TRACE</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <!-- Only users in TESTROLE may access the protected resources. -->
    <auth-constraint>
        <role-name>TESTROLE</role-name>
    </auth-constraint>
</security-constraint>
- Save the web.xml file.
- Open the server.xml file in a text editor.
- Enable the security constraints. Use the following example as a guide.
<server description="new server">
<httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>
<application type="war" id="twitter" name="twitter"
- Push the app (twitter.war) along with server.xml to Bluemix using the cf push command. Learn how to push an application to Bluemix using the CF command through my earlier blog.
- Bind the SSO service to the Java APP and then Restage it.
- Open the app, e.g. tweetout.mybluemix.net/twitter/hello. It will redirect you to the Facebook page for logging in.
Hurray, your Bluemix app is now secured by Single Sign On Facebook authentication!!
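An added example, not part of the original blog or IBM's code: a small Python check that reads a web.xml and reports, for each protected url-pattern, the HTTP methods that no security-constraint covers. The sample input is the constraint from the web.xml step above; the KNOWN_METHODS list and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Methods checked for coverage; this list is an assumption of the example.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"}

# Constructed sample: the security-constraint from the web.xml step.
SAMPLE_WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>HelloServlet</web-resource-name>
   <url-pattern>/</url-pattern><url-pattern>/*</url-pattern>
   <http-method>GET</http-method><http-method>PUT</http-method>
   <http-method>HEAD</http-method><http-method>TRACE</http-method>
   <http-method>POST</http-method><http-method>DELETE</http-method>
   <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>TESTROLE</role-name></auth-constraint>
 </security-constraint>
</web-app>"""

def _named(parent, name):
    """Descendants of parent with this local tag name, ignoring any xmlns."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(parent, name):
    """Stripped text of every descendant element with this local name."""
    return {e.text.strip() for e in _named(parent, name) if e.text and e.text.strip()}

def uncovered_methods(web_xml):
    """Map each protected url-pattern to the known methods no constraint covers."""
    root = ET.fromstring(web_xml)
    if _named(root, "deny-uncovered-http-methods"):
        return {}  # Servlet 3.1+: the container rejects uncovered methods itself
    covered = {}
    for wrc in _named(root, "web-resource-collection"):
        listed = {m.upper() for m in _texts(wrc, "http-method")}
        omitted = {m.upper() for m in _texts(wrc, "http-method-omission")}
        if listed:
            methods = listed                   # only the listed methods are constrained
        else:
            methods = KNOWN_METHODS - omitted  # no list: everything except omissions
        for pattern in _texts(wrc, "url-pattern"):
            covered.setdefault(pattern, set()).update(methods)
    return {p: sorted(KNOWN_METHODS - m) for p, m in covered.items() if KNOWN_METHODS - m}

if __name__ == "__main__":
    for pattern, methods in uncovered_methods(SAMPLE_WEB_XML).items():
        print(f"{pattern}: no constraint covers {', '.join(methods)}")
```

For the constraint above it reports PATCH for both patterns, because the constraint names seven methods explicitly; removing the http-method elements makes the constraint apply to every method.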
Courtesy: (bluemix.net) IBM Bluemix and Facebook for Developers (developers.facebook.com)