
Can we have multiple policies for OIDCStrategy within the same application? I have an application that needs to be authenticated either through App1 (ClientID1) or through App2 (ClientId2).

When using passport-azure-ad OIDCStrategy, I am always getting authenticated through only one of them.

Here are the routes:

app.get('/login1',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/' }),
  function(req, res) {
    ...
  });

app.post('/auth/openid/return1',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/' }),
  function(req, res) {
    ...
  });

app.get('/login2',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/' }),
  function(req, res) {
    ...
  });

app.post('/auth/openid/return2',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/' }),
  function(req, res) {
    ...
  });

Here are the configured strategies.

passport.use(new OIDCStrategy({
    clientID: config.creds.clientID1,
    redirectUrl: config.creds.redirectUrl1,
    clientSecret: config.creds.clientSecret1,
    ...
  }, ...)); // verify callback elided

passport.use(new OIDCStrategy({
    clientID: config.creds.clientID2,
    redirectUrl: config.creds.redirectUrl2,
    clientSecret: config.creds.clientSecret2,
    ...
  }, ...)); // verify callback elided

Update: This is not supported by passport-azure-ad. I have verified this by going in deep. When we add a new strategy, it is actually added under the key "azuread-openidconnect". When we add another one, it overrides the existing one.

passport._strategies['azuread-openidconnect']

That said, it will always use the latest one.

Still, do we have a solution for my scenario where an app needs to be authenticated through multiple AAD applications?

Solution so far is: we should register a multi-tenant AAD application and restrict the tenants to what we want.

krishna N
  • Based on my understanding, registering a multi-tenant Azure AD application is the right solution. Do you have other requirements that this solution is not able to meet? – Fei Xue May 11 '17 at 05:16

1 Answer

You can create two strategies and override their names, then specify the strategy in passport.authenticate. This method works for me.

var strategy1 = new OIDCStrategy(...);
strategy1.name = "strategy1";   // default name is "azuread-openidconnect"

var strategy2 = new OIDCStrategy(...);
strategy2.name = "strategy2";

// Register the strategy objects themselves; passport keys them by
// strategy.name. passport.use('strategy1', strategy1) registers under the
// same key without touching the instance's name.
passport.use(strategy1);
passport.use(strategy2);

app.get('/login1', passport.authenticate('strategy1', ...));

app.post('/auth/openid/return1', passport.authenticate('strategy1', ...));

app.get('/login2', passport.authenticate('strategy2', ...));

app.post('/auth/openid/return2', passport.authenticate('strategy2', ...));

Sijun Liu