JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 183
  • Score
    100M100P100Q90771F
  • License ISC

Expose the Microsoft Windows SSPI interface in order to do NTLM and Kerberos authentication.

Package Exports

  • node-expose-sspi

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (node-expose-sspi) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

node-expose-sspi

Expose the Microsoft Windows SSPI (SSP Interface) to Node.js®.

😏 It has been done in order to do NTLM and Kerberos SSO authentication.

Requirements: Microsoft Windows OS, NodeJS version >=12.16.1.

Install

Just do:

npm i node-expose-sspi

Note: There is a prebuilt binary node addon that will be installed.

Usage

SSO Authentication server use case

mkdir myproject
cd myproject
npm init -y
npm i express
npm i node-expose-sspi

Make an express web server by doing the server.js file:

const express = require("express");
const { sso, sspi } = require("node-expose-sspi");

sso.config.debug = false;

const app = express();

app.use(sso.auth());

app.use((req, res, next) => {
  res.json({
    sso: req.sso
  });
});

app.listen(3000, () => console.log("Server started on port 3000"));
node server.js

Open a Google Chrome web browser and go to http://localhost:3000.

You should see the JSON result with user, owner and used method (NTLM or Kerberos).

Note: To read JSON file on Chrome, you should use the JSON Formatter Chrome Extension.

SSO Authentication client use case

See the example here.

Browsers

Chrome

No conf. It just works.

Firefox

Unlike Chrome, NTLM and Kerberos are not activated by default in Firefox. To make it working, you need to follow these steps:

  1. Navigate to the URL about:config.
  2. Click past the warning of harmful consequences.
  3. Type negotiate-auth into the filter at the top of the page, in order to remove most of the irrelevant settings from the list.
  4. Double-click on network.negotiate-auth.trusted-uris. A dialogue box for editing the value should appear.
  5. Enter the required hostname(s) and/or URL prefix(es) then click OK. For the above example, it is http://localhost:3000

More detailed info here.

Edge

Edge does not require any configuration. But the browser ask the credentials to the user each time it is started.

API

Access to the detailed API document. This has been generated with typedoc.

Do see the API in action, you should read the sso source code object. auth and connect functions are two instructive examples of how to use SSPI with NodeJS.

There is 2 parts in this module:

  • sspi object which exposes the Microsoft SSPI library API.
  • sso object, written in typescript/javascript with the following classes or functions:
    • auth(): express middleware finding the SSO logged user.
    • connect({login, password, domain): connect with a MS Windows account login/password.
    • new SSO(serverContextHandle): create a SSO object from a secure context handle.
    • getDefaultDomain(): get the windows domain/hostname where the server started.

Typescript

This module is also integrated with Typescript.

Typescript example

NTLM

If you are not on a Microsoft Windows Active Directory Domain, it will use the NLTM authentication protocol.

Note: the NTLM protocol is not very secure, so be sure to be above HTTPS.

Kerberos

You should see this Node Expose SSPI Kerberos dedicated documentation.

Rebuilding the binary

If the provided Windows binary does not work for your OS, You can rebuild the Node addon binary:

cd .\node_modules\node-expose-sspi
npm run build

Note: You need a proper C++ Windows Toolchain installed. One way to do it is to install this module:

npm install --global windows-build-tools

Test and Example

To run the test and the example, just clone this project.

git clone https://github.com/jlguenego/node-expose-sspi.git
cd node-expose-sspi
npm i
npm test
npm run example

Development

To compile the native node module, you need:

npm install --global windows-build-tools
git clone https://github.com/jlguenego/node-expose-sspi.git
cd node-expose-sspi
npm run build

Angular example

See the Github repository: https://github.com/jlguenego/angular-sso-example

React example

See the Github repository: https://github.com/jlguenego/react-sso-example

Vue example

TODO

TODO

Any idea of new features ? Please tell me and raise an issue. 😊

  • write a NTLM/Kerberos web client example.
  • write a proxy example (writing sso user in the HTTP header)

Author

Jean-Louis GUENEGO jlguenego@gmail.com (http://jlg-consulting.com/)

You may participate to complete this project if you need to use SSPI in another use case. Contributors would be welcome!