
Windows AD single sign on using javascript and node

I am in the process of implementing a single page app based on Angular and Node.js, running on a Windows Server within a corporate Windows Active Directory domain environment. I know that it is possible to authenticate via AD (by passing a username and password) with the assistance of node packages such as "passport-ldapauth" and "node-activedirectory".

My question is: what would be the most feasible/straight-forward way of implementing single sign-on functionality, so that a user that had already authenticated to Active Directory on the PC / domain would not have to enter their AD username/password again?

I have come across Auth0 packages which are able to do this, but I understand they require an externally hosted cloud service (which is not an option for me)?

Thanks very much in advance.

Update: I have been investigating Kerberos as this could be a solution, however there do not seem to be any mature NPM packages out there for Node and Kerberos?

Update 2: I have found a package called Node-SSPI that looks very promising. I have not had a chance to try it out on a Windows domain (hopefully will tomorrow) but it was able to verify the user logged on to my local machine.

Thanks

Andrew asked Oct 21 '15 11:10




2 Answers

Since 2020, it can also be done with node-expose-sspi. This module lets you deal with the Microsoft SSPI API, which is exposed to Node.

SSO can be done with both Kerberos and NTLM. It has been tested and is in production as intranet ERP.

Note: I am the author of node-expose-sspi.

jlguenego answered Sep 19 '22 15:09
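
What the browser sends during the Kerberos/NTLM SSO described in the answer above, as an added example that is not part of the original answers and is not code from node-expose-sspi or Node-SSPI: a Node.js classifier for the `Authorization: Negotiate` header (RFC 4559) that tells Kerberos from NTLM fallback so the application can log or refuse the latter. `classifyAuthorization`, `challengeFor` and the sample tokens are assumptions made for illustration, and the inner-mechanism detection is a byte-marker heuristic rather than a full ASN.1 parse.

```javascript
'use strict';
// Added example: classify the token in an "Authorization: Negotiate ..." header.
const NTLMSSP = Buffer.from('NTLMSSP\0', 'latin1');            // start of every NTLM message
const KRB5_OID = Buffer.from('06092a864886f712010202', 'hex'); // DER of 1.2.840.113554.1.2.2

function classifyAuthorization(header) {
  if (typeof header !== 'string' || header.trim() === '') {
    return { scheme: null, mechanism: 'none' };
  }
  const m = /^(Negotiate|NTLM)[ \t]+([A-Za-z0-9+/]+={0,2})[ \t]*$/i.exec(header);
  if (!m) return { scheme: null, mechanism: 'unsupported' };
  const scheme = m[1].toLowerCase();
  const token = Buffer.from(m[2], 'base64');

  // Raw NTLM: signature at offset 0, little-endian message type at offset 8.
  if (token.length >= 12 && token.subarray(0, 8).equals(NTLMSSP)) {
    return { scheme, mechanism: 'ntlm', wrapped: false, ntlmType: token.readUInt32LE(8) };
  }
  // GSS-API/SPNEGO: 0x60 opens the initial token, 0xa1 a follow-up NegTokenResp.
  if (token[0] === 0x60 || token[0] === 0xa1) {
    // Heuristic: look for the inner mechanism's marker bytes, no full ASN.1 parse.
    if (token.includes(NTLMSSP)) return { scheme, mechanism: 'ntlm', wrapped: true };
    if (token.includes(KRB5_OID)) return { scheme, mechanism: 'kerberos', wrapped: true };
    return { scheme, mechanism: 'spnego-unknown', wrapped: true };
  }
  return { scheme, mechanism: 'unknown' };
}

// Policy helper (hypothetical name): decide what to do with a request header.
// 'validate' means "pass the token to the SSPI layer"; nothing is verified here.
function challengeFor(header, { allowNtlm = false } = {}) {
  const c = classifyAuthorization(header);
  if (c.mechanism === 'none') {
    return { action: 'challenge', wwwAuthenticate: 'Negotiate', ...c };
  }
  if (c.mechanism === 'kerberos') return { action: 'validate', ...c };
  if (c.mechanism === 'ntlm' && allowNtlm) return { action: 'validate', ...c };
  return { action: 'reject', ...c };
}

// Constructed sample tokens (structure bytes only, not captured traffic).
const SAMPLES = {
  rawNtlm: Buffer.concat([NTLMSSP, Buffer.from('0100000007820000', 'hex')]),
  spnegoKrb: Buffer.concat([Buffer.from('601e06062b0601050502a0143012', 'hex'),
    KRB5_OID, Buffer.from('aabbcc', 'hex')]),
  spnegoNtlm: Buffer.concat([Buffer.from('601406062b0601050502', 'hex'),
    NTLMSSP, Buffer.from('01000000', 'hex')]),
};
```

A `validate` result only says which mechanism the client chose; the token must still be verified by the SSPI layer before the user is trusted.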


As the author noted in their update, this can be done with Node-SSPI. I verified that it also works on a Windows domain.

Andrew answered Sep 18 '22 15:09