使用javascript和node的Windows AD单一登录 [英] Windows AD single sign on using javascript and node
问题描述
我正在实现基于Angular和Node.js的单页应用程序,该应用程序在公司Windows Active Directory域环境中的Windows Server上运行.我知道可以借助诸如"passport-ldapauth"和"node-activedirectory"之类的节点程序包通过AD进行身份验证(通过传递用户名和密码).
I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".
我的问题是:实现单点登录功能的最可行/最直接的方法是什么,这样已经在PC/域上通过Active Directory进行身份验证的用户将不必输入其AD用户名/密码?
My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?
我遇到了能够做到这一点的Auth0软件包,但是我知道他们需要外部托管的云服务吗? (这不是我的选择).
I have come across Auth0 packages which are able to do this, but I understand they required an externally hosted cloud service? (which is not an option for me).
非常感谢.
更新:我一直在研究Kerberos,因为这可能是一个解决方案,但是似乎没有用于节点和Kerberos的成熟NPM软件包? 更新2:我发现了一个名为Node-SSPI的软件包,它看起来非常有前途.我没有机会在Windows域上进行尝试(希望明天会试用),但是它能够验证用户登录到我的本地计算机.
Update: I have been investigating Kerberos as this could be a solution, however there does not seem to be any mature NPM packages out there for node and Kerberos ? Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.
谢谢
推荐答案
As the author noted in their update, this can be done with Node-SSPI. I verified that it also works on a windows domain.
这篇关于使用javascript和node的Windows AD单一登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
