Replies: 3 comments 1 reply
-
|
Hi,
Sometimes, the windows domain takes time for setting the SPN (Service
Principal Name). May be a reboot of your client machine is necessary.
If your browser decides to send NTLM instead of Kerberos this is not a node
expose sspi issue.
If you want to force Kerberos from a client, you can also use the
node-expose-sspi client. There is an option to send message with Kerberos.
Hope this helps.
…On Tue, Mar 16, 2021 at 1:21 PM Barış Ertaş ***@***.***> wrote:
I have followed the Kerberos scenario document fully. However, when I make
a request from the client browser to the PC that has server in it, I am
still getting the method as NTLM. In the document, it says the SSO
authentication should be in Kerberos, if it's set in *server.js* file,
how am I going to set it as Kerberos explicitly in *server.js* file? Both
my client and server are on different machines and in the same domain. From
the client browser I make a request as *serverpc-name:3000* say
*desktop-12313:3000*. In the response I am getting NTLM. What are your
recommendations?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#75>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAVV6TSWOPI5YSGP3P3BHL3TD5ELVANCNFSM4ZIOEGCQ>
.
--
Jean-Louis GUENEGO
Tel : +33 6 12 19 81 48
mail: ***@***.***
|
Beta Was this translation helpful? Give feedback.
-
|
So, there is no necessary configuration on server.js file to force as Kerberos? I mean it will either use Kerberos as default automatically or we'll force it from the client side? I am just typing the url from the browser. I just want to make sure that the structure works properly that in the background client-server architecture uses Kerberos. What I am trying to do is implementing an SSO feature to the web application. |
Beta Was this translation helpful? Give feedback.
-
|
The HTTP server sends a Authentication Negotiate message.
It is the HTTP client who will decide to choose to use NTLM or Kerberos,
the server will supports both methods.
You have to set your system in order that your navigator uses Kerberos.
Please follow instructions here :
https://github.com/jlguenego/node-expose-sspi/blob/master/doc/Kerberos.md
…On Tue, Mar 16, 2021 at 2:08 PM Barış Ertaş ***@***.***> wrote:
So, there is no necessary configuration on server.js file to force as
Kerberos? I mean it will either use Kerberos as default automatically or
we'll force it from the client side? I am just typing the url from the
browser. I just want to make sure that the structure works properly that in
the background client-server architecture uses Kerberos. What I am trying
to do is implementing an SSO feature to the web application.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAVV6TRFHE5QKWFTBSHDIVTTD5J3TANCNFSM4ZIOEGCQ>
.
--
Jean-Louis GUENEGO
Tel : +33 6 12 19 81 48
mail: ***@***.***
|
Beta Was this translation helpful? Give feedback.
-
|
This is exactly what I did. Btw although I set the SPNs, when I make a request using SPNs it gives me an error on the client side (browser). I can just make a request using the server's computer name. And let's say I use the client-side code you provided in the client computer and get the method as Kerbeos. Is it enough to make sure that the whole things are running properly? I mean at which point I can say; yes It works properly? Another thing is that the keytab I have looked at your docuements but couldn't find a single thing about this keytab file. Is it not necessary? thanks |
Beta Was this translation helpful? Give feedback.
-
I have followed the Kerberos scenario document fully. However, when I make a request from the client browser to the PC that has server in it, I am still getting the method as NTLM. In the document, it says the SSO authentication should be in Kerberos, if it's set in server.js file, how am I going to set it as Kerberos explicitly in server.js file? Both my client and server are on different machines and in the same domain. From the client browser I make a request as serverpc-name:3000 say desktop-12313:3000. In the response I am getting NTLM. What are your recommendations?
Beta Was this translation helpful? Give feedback.
All reactions