问题
I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".
My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?
I have come across Auth0 packages which are able to do this, but I understand they required an externally hosted cloud service? (which is not an option for me).
Thanks very much in advance.
Update: I have been investigating Kerberos as this could be a solution, however there does not seem to be any mature NPM packages out there for node and Kerberos ? Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.
Thanks
回答1:
As the author noted in their update, this can be done with Node-SSPI. I verified that it also works on a windows domain.
来源:https://stackoverflow.com/questions/33257969/windows-ad-single-sign-on-using-javascript-and-node