The Gluu Server uses this component to enable social login. With over 300 existing integrations, Passport provides a crowd-sourced approach to offering users social login at popular consumer IDPs. Passport not only normalizes authentication, it also provides a standard mechanism to map user claims.

Gluu Passport is built upon the popular authentication middleware Passport.js, which supports plugins (AKA “Strategies“) that allow integration of identity providers easily. There are hundreds of strategies available in the Node.js Package Registry: npm. Any OAuth strategy can be supported.

Authentication Flow

After users authenticate at the external social identity provider, the control flows back to Janssen Authentication server where the user is verified and the user-id is provisioned into the Janssen server.

Role of Passport-JS project and Janssen’s Authentication server

  1. The passport-js project encrypts and signs user data before passing it to the Janssen server.
  2. Janssen Auth server verifies the received JWT, decrypts data, add/update user into LDAP, and marks the user as authenticated. Check Script Code For details.

Out of the box, the following external identity providers can be integrated:

  • OpenId Connect OPs (with standard communication or via Gluu’s mediator old server)
  • OAuth (v1.0 or v2.0) Authorization Servers

Typical usage of OAuth inbound identity is for supporting social login, ie. making your users log in to your application by using their existing accounts at popular sites like Facebook, Twitter, Github, etc.

An open-source IAM platform you can trust

« »