I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".
My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?
I have come across Auth0 packages which are able to do this, but I understand they required an externally hosted cloud service? (which is not an option for me).
Thanks very much in advance.
Update: I have been investigating Kerberos as this could be a solution, however there does not seem to be any mature NPM packages out there for node and Kerberos ?
Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.
Thanks
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
