Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.6k views
in Technique[技术] by (71.8m points)

single sign on - Authentication flow for SSO between a (Node.js + React) App and Microsoft Active Directory

Hi I am trying to understand how an SSO would work for users trying to use an app built on React with backend in Node.js with Microsoft Active Directory being the Identity Provider.

I have built SSO using protocols like SAML and OIDC in the same app and different Identity providers and I wish to provide users a functionality to SSO using Active Directory also. What I am not able to understand is the flow. I have read a lot of articles on internet and it only led to even more confusion for me.

Before all the reading what I was expecting was this:

  1. There is an Active Directory server having some authentication url that my app will redirect the users to.
  2. Upon successful authentication the AD server will send the user back to my app with some token that my backend will process and establish a local session later for the user.

But nowhere in any of the articles I found anything related to that. On top of it there's tons of libraries available like node-expose-sspi node-adal ldapjs activedirectoryjs and what not and all of them are having different approach to making SSO work with node.

For example take node-expose-sspi

What they say is that this small piece of code is all we need.

const sso = require('node-expose-sspi');
app.use(sso());

In the above code, we didn't specify which AD server to use or any auth url, how will the package come to know what to do?

Another example: activedirectory

var ActiveDirectory = require('activedirectory');
var config = { url: 'ldap://dc.domain.com',
               baseDN: 'dc=domain,dc=com',
               username: '[email protected]',
               password: 'password' }
var ad = new ActiveDirectory(config);

Ok so we have a config here but the fact that this library expects username and password of the user. But this is not SSO if application is asking for username and password from the user. Or is it some user in Active Directory that has permissions to list our users in AD, if yes then how will the node server know which user to look for when it has a list of all the users?

Maybe I am not able to understand the flow correctly. Can someone help me with that? Thank you :)

question from:https://stackoverflow.com/questions/65936881/authentication-flow-for-sso-between-a-node-js-react-app-and-microsoft-active

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...