This sample project demonstrates using the DigitalPersona OIDC Identity Provider for authentication in a NodeJs Express application. The front end is written in AngularJs, and authorization is implemented through a NodeJs Express REST service.
There are two connected subprojects: /your-application and /your-service.
The sample application uses the OpenID Connect protocol to authenticate a user via the DigitalPersona OIDC Identity Provider.
The sample service consumes an Access Token issued by the DigitalPersona OIDC Identity Provider and responds only if a valid token has been provided. When the /secured path is requested, the service uses third-party libraries to parse and validate the Access Token.
Before running this sample, you will need to:
- Install Git
- Install the latest NodeJS server
- Obtain the DigitalPersona AD server and DigitalPersona AD Web Management Components, or the DigitalPersona LDS server and DigitalPersona LDS Web Management Components (a trial version is available), and install them on a separate server.
- To run both the sample application and the service on your development machine, first clone this repo:
```
git clone
cd digitalpersona-sample-js-oidc/
```
- Open https://<DigitalPersonaIdPHostName>/dppassivests/wsfed/metadata in a web browser. The response will look like
```
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_32ce6961-33d6-4345-bbe3-9c71880494d6" entityID="">
  <Signature xmlns="">
    <CanonicalizationMethod Algorithm=""/>
    <SignatureMethod Algorithm=""/>
    <Reference URI="#_32ce6961-33d6-4345-bbe3-9c71880494d6">
      <Transform Algorithm=""/>
      <Transform Algorithm=""/>
      <DigestMethod Algorithm=""/>
      <!-- More settings here -->
```
- Locate the first `<X509Certificate>` element in the response and copy its content (the base64-encoded certificate text) to the clipboard.
- Open the digitalpersona-sample-js-oidc\your-service\signingCertificate.pem file in a text editor. It contains only the PEM markers:
```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```
- Insert an empty line between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, then paste the clipboard contents there, so the file looks like (placeholder shown in place of the actual base64 text):
```
-----BEGIN CERTIFICATE-----
<base64 certificate text copied from the metadata>
-----END CERTIFICATE-----
```
- Save the digitalpersona-sample-js-oidc\your-service\signingCertificate.pem file.
- Open a command prompt as an Administrator.
- Change the directory to /your-service.
- Open package.json in a text editor and locate the your-service section:
```
"your-service": {
  "authenticationOptions": {
    "audience": "https://<DigitalPersonaIdPHostName>/dpsts/resources",
    "issuer": "https://<DigitalPersonaIdPHostName>/dpsts",
    "clockTolerance": 10
  }
}
```
- Replace <DigitalPersonaIdPHostName> with the actual host name of the server running the DigitalPersona Identity Provider. The result will look like the following, with idp.example.com used here as a placeholder for the actual host name:
```
"your-service": {
  "authenticationOptions": {
    "audience": "https://idp.example.com/dpsts/resources",
    "issuer": "https://idp.example.com/dpsts",
    "clockTolerance": 10
  }
}
```
- Install dependencies by running the following command inside the /your-service directory:
```
npm install
```
- Start the sample service by running:
```
npm start
```
In your web browser, open http://<your machine host name>:3001/secured.
You should see an Unauthorized response, since no Access Token has been provided.
- Open a command prompt as an Administrator.
- Change the directory to /your-application.
- Install dependencies by running the following command in the project's root:
```
npm install
```
- Open public/app/app.controller.js in a text editor and locate the following line of code:
```
var digitalPersonaHostName = '<DigitalPersonaIdPHostName>';
```
- Replace <DigitalPersonaIdPHostName> with the actual host name of the server running the DigitalPersona Identity Provider. The result will look like the following, with idp.example.com used here as a placeholder for the actual host name:
```
var digitalPersonaHostName = 'idp.example.com';
```
Register the sample application as an OIDC client with the DigitalPersona Identity Provider by adding the following to the <Clients> element of C:\Program Files\DigitalPersona\Web Management Components\DP STS\DPPassiveSTS\web.config.
Make sure to replace <SampleAppMachineName> in the snippet below with the actual discoverable host name of the machine running the sample application (the same <your machine host name> used in the URLs below).
```
<add ClientId="digitalpersona-sample-js-oidc" DisplayName="DigitalPersona Sample Js Oidc" Secret="Ks8/V0rj592QVQ5hdT+7e1NbPLa7rlloDivSAR3shFA=" Flow="Implicit">
  <add Uri="http://<SampleAppMachineName>:3000/callback" />
  <add Uri="http://<SampleAppMachineName>:3000/signout" />
</add>
```
The Secret value above is the sample's own published value; generate a fresh one for any client registration other than this sample.
- Start the sample application by running:
```
npm start
```
In your web browser, open http://<your machine host name>:3000/.
Click the login button.
Upon clicking the login button, you will be redirected to the DigitalPersona Identity Provider.
After successful authentication with the DigitalPersona Identity Provider, the sample application displays user information along with the result returned from /your-service.
The sample uses plain http for local development only; always use https in production.