Federated Identity
-o0O0o-
How to enable users to access multiple systems or applications using a single identity across trusted domains or organizations?
-o0O0o-
Provide authentication via an external identity provider.
Advantages
- Single Sign-On (SSO): Users can log in once to access multiple systems or applications across different domains without needing to authenticate repeatedly.
- Enhanced Security: Minimizes risks associated with password reuse and weak credentials.
- Standardization: Uses standardized protocols like SAML, OpenID Connect, and OAuth 2.0, which ensure interoperability across different platforms and providers.
Disadvantages
- Dependency on Identity Providers: If the Identity Provider becomes unavailable or compromised, access to all federated systems may be disrupted.
- Performance Overhead: Token exchange and validation processes may introduce latency, especially in high-traffic systems.
Code Examples
```javascript
const express = require('express');
const session = require('express-session');
const passport = require('passport');
const { Strategy } = require('passport-openidconnect');

// Configure the OpenID Connect strategy. The provider URLs and client
// credentials are placeholders; in a deployment the client secret must
// come from configuration or a secret store, never from source code.
passport.use(
  new Strategy(
    {
      issuer: 'https://YOUR_AUTH_PROVIDER.com',
      authorizationURL: 'https://YOUR_AUTH_PROVIDER.com/authorize',
      tokenURL: 'https://YOUR_AUTH_PROVIDER.com/oauth/token',
      userInfoURL: 'https://YOUR_AUTH_PROVIDER.com/userinfo',
      clientID: 'YOUR_CLIENT_ID',
      clientSecret: 'YOUR_CLIENT_SECRET',
      callbackURL: 'http://localhost:3000/callback',
    },
    // Verify callback: receives the identity asserted by the provider
    (issuer, sub, profile, accessToken, refreshToken, done) => {
      // Handle the authenticated user (look up or provision a local account here)
      return done(null, profile);
    }
  )
);

// Serialize user to session
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((obj, done) => done(null, obj));

const app = express();

// passport.session() requires session middleware; without it the login
// route fails with "Login sessions require session support".
app.use(
  session({
    secret: 'YOUR_SESSION_SECRET', // placeholder: load from configuration
    resave: false,
    saveUninitialized: false,
  })
);
app.use(passport.initialize());
app.use(passport.session());

// Login route: redirects the browser to the identity provider
app.get('/login', passport.authenticate('openidconnect'));

// Callback route: the provider redirects back here with the authorization code
app.get(
  '/callback',
  passport.authenticate('openidconnect', { failureRedirect: '/' }),
  (req, res) => {
    // Send as plain text: displayName is provider-supplied data, not trusted HTML
    res.type('text/plain').send(`Hello ${req.user.displayName}!`);
  }
);

// Protected route
app.get('/protected', (req, res) => {
  if (!req.isAuthenticated()) {
    return res.redirect('/login');
  }
  res.send('This is a protected route!');
});

// Start the server
app.listen(3000, () => {
  console.log('App running at http://localhost:3000');
});
```