使用 javascript 和 node 进行 Windows AD 单点登录 [英] Windows AD single sign on using javascript and node
问题描述
我正在实施基于 Angular 和 Node.js 的单页应用程序,该应用程序在企业 Windows Active Directory 域环境中的 Windows Server 上运行.我知道可以在诸如passport-ldapauth"和node-activedirectory"之类的节点包的帮助下通过 AD(通过传递用户名和密码)进行身份验证.
I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".
我的问题是:实现单点登录功能的最可行/最直接的方法是什么,以便已经通过 PC/域上的 Active Directory 身份验证的用户不必输入他们的 AD 用户名/密码?
My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?
我遇到过可以执行此操作的 Auth0 软件包,但我了解它们需要外部托管的云服务?(这对我来说不是一个选择).
I have come across Auth0 packages which are able to do this, but I understand they required an externally hosted cloud service? (which is not an option for me).
非常感谢.
更新:我一直在研究 Kerberos,因为这可能是一个解决方案,但是似乎没有任何成熟的 NPM 包可用于 node 和 Kerberos?更新 2:我发现了一个名为 Node-SSPI 的包,看起来很有前途.我还没有机会在 windows 域上试用它(希望明天会),但它能够验证用户登录到我的本地计算机.
Update: I have been investigating Kerberos as this could be a solution, however there does not seem to be any mature NPM packages out there for node and Kerberos ? Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.
谢谢
推荐答案
从 2020 年开始,也可以使用 node-expose-sspi.这个模块让你处理暴露给 Node 的 Microsoft SSPI API.
Since 2020, it can also be done with node-expose-sspi. This module let you deal with the Microsoft SSPI API which was exposed to Node.
SSO 可以通过 Kerberos 和 NTLM 完成.它已经过测试并作为内网 ERP 投入生产.
SSO can be done with both Kerberos and NTLM. It has been tested and is in production as intranet ERP.
注意:我是 node-expose-sspi 的作者.
Note: I am the author of node-expose-sspi.
这篇关于使用 javascript 和 node 进行 Windows AD 单点登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
