A Comprehensive Guide to Building a Single Sign-On (SSO) Gateway with Node.js

Single Sign-On (SSO) systems have become critical in today's interconnected application ecosystems. By allowing users to log in once and access multiple applications seamlessly, SSO simplifies authentication, enhances user experience, and bolsters security. This blog dives into the implementation of an SSO Gateway using Node.js, Express, and MongoDB, guiding you through its features, architecture, setup, and best practices.

---

What is a Single Sign-On Gateway?

An SSO Gateway is a centralized authentication system where users authenticate once and gain access to multiple interconnected applications without needing to reauthenticate. The Node-SSO-Gateway project demonstrates a robust yet simple implementation of such a system.

---

Key Features of the Node-SSO-Gateway

1. Centralized Authentication

   • Users log in via a single SSO server, eliminating the need for multiple logins.

2. Token-Based Authorization

   • Secure, stateless communication between the SSO server and consumer applications via JSON Web Tokens (JWT).

3. Cross-Domain Session Management

   • Maintain seamless user sessions across multiple applications and domains.

4. MongoDB Integration

   • Secure storage of user credentials with robust password hashing (e.g., bcrypt).

5. Dynamic Consumer App Registration

   • Consumer applications can dynamically register themselves with the SSO server for authentication.

6. Logout Functionality

   • Supports global and local session termination for enhanced security.

---

System Architecture

The system is divided into three primary components:

1. SSO Server
   
   The central hub that authenticates users, manages sessions, and issues JWT tokens.

2. Consumer Applications (Clients)
   
   Applications relying on the SSO server for authentication. Each client establishes a local session after verifying the token.

3. MongoDB
   
   A database backend to securely store user data, including email and hashed passwords.

Architecture Diagram

---

How Does It Work?

1. User Login

   • Users log in through the SSO server. Upon successful authentication, the server issues a JWT token and redirects the user to the desired consumer app.

2. Token Validation

   • Consumer apps verify the JWT token with the SSO server before granting access to protected resources.

3. Session Management

   • Both global (SSO server) and local (consumer app) sessions are managed, ensuring secure and consistent access.

4. Logout

   • Users can log out from the SSO server, terminating the global session, or from a consumer app, terminating the local session.

---

Setting Up the Node-SSO-Gateway

1. Prerequisites

• Node.js and npm installed.
• MongoDB instance running (local or cloud-based).
• Basic knowledge of JWT, Express, and MongoDB.

2. Clone the Repository

git clone https://github.com/Ravikisha/Node-SSO-Gateway.git
cd Node-SSO-Gateway

3. Install Dependencies

Navigate to the root directory of each component and install the required packages.

For the SSO Server

cd server
npm install

For Consumer Applications

cd client1
npm install

# In another terminal
cd client2
npm install

4. Configure MongoDB

Create a .env file in both the SSO Server and consumer apps with the following content:

MONGODB_URI=mongodb://localhost:27017/sso-db

5. Start the Applications

Start the SSO Server:

cd server
npm run dev

Start the consumer apps:

cd client1
npm run dev

# In another terminal
cd client2
npm run dev

6. Test the System

• Visit http://localhost:3000 to access the SSO server login page.
• Successfully log in to be redirected to consumer apps (http://localhost:3001 and http://localhost:3002).

---

Adding New Consumer Applications

1. Create a new app following the structure of client1.
2. Register the app’s domain in the SSO Server’s allowedOrigin configuration.

   const allowedOrigin = {
       "http://localhost:3001": true,
       "http://localhost:3002": true,
       "http://localhost:3003": true,
   };

1. Redirect authentication requests to the SSO Server.

---

Security Best Practices

1. HTTPS Everywhere

   • Use HTTPS in production to ensure encrypted communication.

2. Secure JWT Storage

   • Store JWT securely, preferably in HTTP-only cookies, to prevent XSS attacks.

3. Validate Origins

   • Validate consumer app origins to prevent unauthorized requests.

4. Password Hashing

   • Use strong hashing algorithms like bcrypt for storing user passwords.

---

Logout Functionality

1. Local Logout

   • Removes the session from the consumer app only.

2. Global Logout

   • Terminates the session on the SSO Server, logging the user out from all consumer apps.

---

Screenshots

Login Page

SSO Server Page

Consumer Application (Client1)

Consumer Application (Client2)

---

Conclusion

The Node-SSO-Gateway project offers a secure and scalable solution for centralized authentication across multiple applications. By leveraging modern web technologies like Node.js, Express, and JWT, the system ensures a seamless user experience and robust security. Whether you're building a microservices-based architecture or integrating multiple platforms, this SSO solution is a solid foundation for managing authentication effectively.

Explore the repository here and get started with centralized authentication today!