Package Exports
- node-expose-sspi
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (node-expose-sspi) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
node-expose-sspi
Expose the Microsoft Windows SSPI (SSP Interface) to Node.js®.
😏 Use cases:
- NTLM and Kerberos SSO authentication inside a private organization network, for instance an ERP in a private company.
- Active Directory access to users for detailed info.
Requirements: Microsoft Windows OS, NodeJS version >=12.16.1.
Install
Just do:
npm i node-expose-sspiNote: There is a prebuilt binary node addon that will be installed.
Usage
SSO Authentication server use case
mkdir myproject
cd myproject
npm init -y
npm i express
npm i node-expose-sspiMake an express web server by doing the server.js file:
const express = require('express');
const { sso } = require('node-expose-sspi');
const app = express();
app.use(sso.auth());
app.use((req, res, next) => {
res.json({
sso: req.sso,
});
});
app.listen(3000, () => console.log('Server started on port 3000'));node server.jsOpen a Google Chrome web browser and go to http://localhost:3000.
You should see the JSON result with the browser user authentication info and the authentication method used (NTLM or Kerberos).
{
"sso": {
"method": "NTLM",
"user": {
"domain": "JLG",
"name": "jlouis",
"displayName": "Jean-Louis P. GUÉNÉGO",
"groups": [
"JLG\\Domain Users",
"\\Everyone",
// ...
],
"sid": "S-1-5-21-2022955591-1730574677-3210790899-1103",
"adUser": {
// adUser filled only if Active Directory is reachable.
"objectClass": ["top", "person", "organizationalPerson", "user"],
"cn": ["Jean-Louis P. GUÉNÉGO"],
"sn": ["GUÉNÉGO"],
"c": ["FR"],
"l": ["TORCY"],
"title": ["IT Consultant"],
"description": ["My microsoft domain account for demonstrating SSO"],
"postalCode": ["77200"],
"physicalDeliveryOfficeName": ["Office of my lovely wife Suzana"],
"telephoneNumber": ["+33612131415"],
"givenName": ["Jean-Louis"],
"initials": ["P"],
"distinguishedName": [
"CN=Jean-Louis P. GUÉNÉGO,OU=JLG_LOCAL,DC=jlg,DC=local"
],
"instanceType": [4],
"whenCreated": ["3/19/2020 10:58:19 AM"],
"whenChanged": ["3/19/2020 5:40:06 PM"],
"displayName": ["Jean-Louis P. GUÉNÉGO"],
// ...
"co": ["France"],
"company": ["JLG Consulting"],
"streetAddress": ["2 allée du Commandant Charcot"],
"wWWHomePage": ["www.jlg-consulting.com"],
// ...
"sAMAccountName": ["jlouis"],
// ...
"mail": ["jlguenego@gmail.com"],
"ADsPath": [
"LDAP://CN=Jean-Louis P. GUÉNÉGO,OU=JLG_LOCAL,DC=jlg,DC=local"
]
}
},
// ...
}
}Note: To read JSON file on Chrome, you should use the JSON Formatter Chrome Extension.
Browsers
Chrome
No conf. It just works.
Firefox
Unlike Chrome, NTLM and Kerberos are not activated by default in Firefox. To make it working, you need to follow these steps:
- Navigate to the URL
about:config. - Click past the warning of harmful consequences.
- Type
negotiate-authinto the filter at the top of the page, in order to remove most of the irrelevant settings from the list. - Double-click on
network.negotiate-auth.trusted-uris. A dialogue box for editing the value should appear. - Enter the required hostname(s) and/or URL prefix(es) then click OK. For the above example, it is
http://localhost:3000
Edge
Edge does not require any configuration. But the browser ask the credentials to the user each time it is started.
API
The API is automatically documented with typedoc.
Access to the detailed API document.
Note: you should read all the sso source code. You will see how powerfull the api.sspi, and api.adsi can bring to you.
You can also read the mocha unit tests to see small examples.
Typescript
This module is also integrated with Typescript.
NTLM
If you are not on a Microsoft Windows Active Directory Domain, it will use the NLTM authentication protocol.
Note: the NTLM protocol is not very secure, so be sure to be above HTTPS.
Kerberos
You should see this Node Expose SSPI Kerberos dedicated documentation.
Examples
To run the examples, just clone this project.
git clone https://github.com/jlguenego/node-expose-sspi.git
npm i
cd node-expose-sspi
cd examples
cd <***example-name***>Look also at the README.md of the example.
Examples :
- Express simple
- Koa simple
- Fastify simple
- Restify simple
- Reverse proxy example
- Angular SSO example
- React SSO example
- Vue SSO example
- HTTP(S) fetch API with SSO
Development
As a prerequisites, you need node-gyp and a C++ toolchain installed on your environment.
If you did not installed node-gyp and the C++ toolchain, please open a PowerShell command line as an administrator and do :
npm i -g windows-build-toolsTo compile the native node module, do the following:
git clone https://github.com/jlguenego/node-expose-sspi.git
cd node-expose-sspi
npm run build
npm run testAll tests are done with mocha.
The module debug is used for printing some debug info.
TODO
Any idea of new features ? Please tell me and raise an issue. 😊
- write a nestjs example
- write a medium article
- publish on Facebook
- Funding
- Integrate with passport?
- Test with 10000 users.
- Filter groups options.
- BUG: Connect to a local account while being on a domain
Thanks
Thanks to all the people who wrotes the npm modules required by this project.
And a very special thanks to the authors of the node-sspi project that helped me writing this one. I considere node-sspi to be the father of node-expose-sspi.
Author
Jean-Louis GUENEGO jlguenego@gmail.com (http://jlg-consulting.com/)
You may participate to complete this project. You can improve this doc, or check the code (memory leak, etc.), create new usefull business cases, etc.
Contributors are welcome!