Hi, I am trying to understand how SSO would work for users of an app built on React with a backend in Node.js, with Microsoft Active Directory as the Identity Provider.
I have built SSO using protocols like SAML and OIDC in the same app with different identity providers, and I wish to give users the ability to SSO using Active Directory as well. What I am not able to understand is the flow. I have read a lot of articles on the internet and they only led to even more confusion for me.
Before all the reading what I was expecting was this:
- There is an Active Directory server with some authentication URL that my app will redirect the users to.
- Upon successful authentication the AD server will send the user back to my app with some token that my backend will process and then establish a local session for the user.
But nowhere in any of the articles did I find anything related to that. On top of that, there are tons of libraries available, like node-expose-sspi, node-adal, ldapjs, activedirectoryjs and what not, and all of them take a different approach to making SSO work with Node.
For example, take node-expose-sspi. What they say is that this small piece of code is all we need:
const express = require('express');
const sso = require('node-expose-sspi');
const app = express();
// mount the SSPI middleware; it is expected to authenticate every request
app.use(sso());
app.listen(3000);
In the above code we didn't specify which AD server to use or any auth URL, so how will the package know what to do?
Another example: activedirectory
var ActiveDirectory = require('activedirectory');
var config = { url: 'ldap://dc.domain.com',        // LDAP endpoint of the domain controller
               baseDN: 'dc=domain,dc=com',         // search base for user lookups
               username: 'username@domain.com',    // account used to bind to LDAP
               password: 'password' };
var ad = new ActiveDirectory(config);
OK, so we have a config here, but this library expects a username and password. This is not SSO if the application asks the user for a username and password. Or is it some user in Active Directory that has permission to list our users in AD? If so, how will the Node server know which user to look for when it has a list of all the users?
Maybe I am not able to understand the flow correctly. Can someone help me with that?
Thank you :)
question from:
https://stackoverflow.com/questions/65936881/authentication-flow-for-sso-between-a-node-js-react-app-and-microsoft-active