Access User Profile in node.js after SSO authentication (BlueMix)

Question

I have searched and I have searched a lot, finally came here.

Have: I have deployed a simple node.js app on Bluemix that does nothing but display Hello! after authenticating the user through SSO SAML service bound to the app on Bluemix.

Need: What I need to do is get the user profile (firstName, lastName, displayName, emailId etc) so that I can store the user on to a database of my choice (say Cloudant) and further develop the app.

Issue: I couldn't find a way (example code) to retrieve the user profile. I have read that there is a token returned by the server which needs to be claimed/consumed, but nowhere is an example to be found on how to do that.

Existing thread: There is a thread on stackoverflow which is similar to my issue, but the solution didn't work. My code below explains that.

My code:

	Strategy = new OpenIDConnectStrategy({
					 authorizationURL : authorization_url,
					 tokenURL : token_url,
					 clientID : client_id,
					 scope: 'openid',
					 response_type: 'code',
					 clientSecret : client_secret,
					 callbackURL : callback_url,
					 skipUserProfile: false,
					 issuer: issuer_id}, 
		function(iss, sub, profile, accessToken, refreshToken, params, done)  {
					process.nextTick(function() {
			profile.accessToken = accessToken;
			profile.refreshToken = refreshToken;
			done(null, profile);
				})
	}); 
	passport.use(Strategy); 
}

app.get('/',ensureAuthenticated, function(req, res){});
app.get('/login', passport.authenticate('openidconnect', {successRedirect: '/hello',failureRedirect: '/failure'})); 
app.get('/hello', function(req, res) {
	console.log("Pooshon1: ",JSON.stringify(req.user));  
	console.log("Pooshon3: ",JSON.stringify(req.profile));  
	res.send('Hello, ');
	//res.send('Hello, '+ req.user.displayName + '!');
	//res.send('Hello, '+ req.user['id'] + '!');
});
app.get('/failure', function(req, res) { 
	res.send('login failed'); 
});          

I did not put the entire code, just what was relevant. So, passport returns done(null, profile), and what I read on the internet is that this profile object is returned by the server and can be found in the request object. In my code above, under the app.get("/hello".... the two console.log statements print "Pooshon: undefined", which means there is nothing like req.user or req.profile hence the last two lines are commented, because it throws Internal Server Error (500).

If anyone has done something like this, please help.

Answer 1

app.get('/', function(req,res,next){
if (!req.isAuthenticated()) {
    req.session.originalUrl = req.originalUrl;
    res.redirect('/login');
} else {
  //If authenticated, continue to next middleware
    res.send("You are authenticated : "+JSON.stringify(req.session.passport.user.cn));
    res.redirect('/welcome');
}});

I found the answer thanks to fellow IBMer Sasaki Rei. The answer is, to retrieve the user profile you need to access the session object contained in the request object. The session object contains an instance of passport object which in turn contains a 'user' object and that my friend contains all the information you may need about the user. I am not mentioning the properties inside the user object because it depends on the SSO token that is returned. In this example I have used the 'cn' property. You can print the user object to see what else is in there that you may need.

To print:

res.send("You are authenticated : "+JSON.stringify(req.session.passport.user));