Reading authorization response for HTTP AD login

Question

I am trying to implement Active Directory login for my webpage. The webpage is hosted on a Node.js server that can talk to a the AD server via LDAP (so it is not on the same physical machine right now).

To trigger the login request, I send a 401 and WWW-Authorize: Neogiate response to a GET request triggered when the page is loaded. This causes Chrome to open a Username/Password dialogue. However when I enter some info and click Submit, I do not see any of the username/password data. Instead I see this authorization: 'Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAGNFAAAADw==' which when decoded is this NTLMSSP cE

I am not sure what to do with this token or how to proceed.

score 1 · Answer 1 · answered Sep 30 '21 at 06:13

You are running into this error because the server is directing you for implementation and Protected GSSAPI Negotiation Mechanism. This is a Microsoft invention for negotiating a type of authentication to use for Web SSO (single-sign-on):

either NTLM
or Kerberos

You need to store this token into the localStorage or cookies.

For example when you get the token from the server you then can save this on localStorage like this:

 localStorage.setItem('token', token);

Then when you call the API you then have to send this token to the server with the request.

Thanks. I ended up using `express-ntlm` which (for maybe the first time in history) worked on the first try — tester778899, Oct 01 '21 at 17:25

Reading authorization response for HTTP AD login

1 Answers1