Everything ingenious is simple. But to achieve that simplicity one has to read thousands of manuals. That is why, once I had a full understanding of the domain, I decided to write a quick-start tutorial on implementing Single Sign-On (SSO) in a web application connected to Active Directory (AD). I would also like to share my test project, and I am looking for your feedback.

Let's start with some theory. SSO is the idea that a user enters a username and password once, when logging in to the operating system against Active Directory, and is later authenticated automatically with those same AD credentials when opening a web application, without being prompted again.

Browsers support this as follows: when a browser receives HTTP status 401 "Unauthorized" with a WWW-Authenticate: Negotiate header in response to its GET request, it asks the KDC (Key Distribution Center, one of the AD services) for a service ticket for that web service, wraps it in a SPNEGO token and sends it back in an Authorization: Negotiate <base64 token> header. If no service principal name (SPN) is registered in AD for that web service, the KDC cannot issue a ticket and the browser falls back to standard NTLM authentication instead. Note that the browser only does this for hosts it has been configured to trust for integrated authentication (the Local intranet zone in Internet Explorer/Edge, the AuthServerAllowlist policy in Chrome, network.negotiate-auth.trusted-uris in Firefox).

#nodejs #sso #kerberos

NodeJS: SSO with Kerberos