Passing authentication information through the Bluemix Hybrid Secure Gateway

In this article I will demonstrate a couple of the things which can be passed through a Bluemix secure gateway, allowing us to create normal web based applications.

Introduction

In the previous article I demonstrated how to create a TLS secured hybrid Bluemix application. In this article we will look at some of the web properties/headers, cookies etc which we can pass through the gateway.

The Gateway

To demonstrate what can be passed through the gateway I am using a simple notes form to display the incoming information

The Cookie, Header and username fields are all hidden if the field value is blank

b1

 

Here is my application running on node, using the secure gateway and once again accessing the domino server hosted on my laptop.

b2

 

No username, no cookie, no header.

Changing the code back within the calling application we are going to add some additional information. In the following code snippet you can see that we have added some header “Marky” information.

app.get('/secureTunnel', function(req, res) {
    tunnel.create('8888', function(){
        var options = {
            headers: {"Cookie": "", "Marky": "Hi Marky"},
            port: '8888',
            path: '/xomino/ainx.nsf/testform?readform'
        };

        var callback = function(obj){
            res.writeHead(200, {"Content-Type": "text/html"});
            res.end(obj.body);
        }
        var obj = simpleHTTP.run(options, callback);

    });
});

When we refresh the application we can see that the header has been passed through the secure gateway to the application itself:


b3

b4

If we try and log into the application (directly on the domino server) we can generate a session authentication token. These screenshots are taken directly from the domino server.


b5

b6

At this point though just because the domino window is logged in, the node app still records anonymous.
b7

Adding the cookie to the node application code, which is passed through the gateway

app.get('/secureTunnel', function(req, res) {
    tunnel.create('8888', function(){
        var cookie = "DomAuthSessId=D2BF0063D62C9138E9F723BB88C046F5";
        var options = {
            headers: {"Cookie": cookie, "Marky": "Hi Marky"},
            port: '8888',
            path: '/xomino/ainx.nsf/testform?readform'
        };

        var callback = function(obj){
            res.writeHead(200, {"Content-Type": "text/html"});
            //res.write(JSON.stringify(obj.resHeaders)+"<hr/>")
            res.end(obj.body);
        }
        var obj = simpleHTTP.run(options, callback);
    });
});

We can now see that the user is authenticated within the bounds of the hybrid application

b8

Pushing all this code up into Bluemix you can truly appreciate the authenticated hybrid app

b9

Conclusion

In this article we have seen how we can push basic header information through the gateway and pseudo-demonstrate an authenticated application. There are of course multiple hurdles to overcome between this demo and a real world application, but I hope it has given you an idea for what’s possible.

 

 

Advertisements