
I have a web application that can integrate with Active Directory. I can import users from LDAP, and users can sign in using their same credentials with LDAP.

But I have a use case where users should be able to seamlessly sign in to my application. When a user opens my web app, it should let the user in if the user is authenticated in Active Directory. If not, my web app will redirect the user to the login page. I could not find any solution to that. There are lots of different methods for SSO like SAML, NTLM, Kerberos, Windows Integrated Authentication etc., and I'm really lost.

Is there anyone who can help me? I couldn't find how to implement this kind of SSO.

I'm using React as my frontend and Go as my backend. In Active Directory, I have Kerberos and LDAP installed.

I'm sorry, I'm very new to this Active Directory world.

In my backend, I'm connecting to LDAP and getting the users from the provided Organizational Units and DNs. These users can log in to my application using their same AD credentials.

I want to implement SSSO (Seamless Single Sign-On) in the application. The same users that I import from LDAP should be able to log in without entering any credentials. I cannot find anything related to this topic and I'm stuck.

1 Answer

I have done this, but in .NET with IIS. I can describe how I did it, and maybe you can replicate the same idea in your environment.

Use a form for your main authentication. Let's call that page /Login.

Make another endpoint (we'll call it /WinLogin) that uses Windows Authentication. This will be the tricky part that you'll have to figure out how to do. In IIS, this can be done using the <location> tag in the web.config to change the authentication for only one endpoint. The only code that endpoint will have is to set the cookie if authentication succeeds.

On your /Login page, have the username and password fields hidden by default (we use the jQuery LoadingOverlay plugin). Add JavaScript that will make an AJAX request to /WinLogin. If that AJAX call succeeds, forward the user to the page they need to go to. If it fails, show the username and password fields on the page.

Make sure that the domain of your website is added to the Trusted Sites in Windows so that Chrome and Edge will automatically send the credentials.

  • Thanks a lot for your answer, I'll try to replicate it and let you know if it solved it or not. I really appreciate it :)
    – razork
    Commented Jun 20, 2023 at 16:29
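
One way the /WinLogin endpoint described in the answer could look in a Go backend, as an added example that is not part of the original answer or of any project's code. `TokenValidator`, `newSession` and the cookie name `session` are hypothetical names, the validator is assumed to be backed by a Kerberos library holding the service's keytab, and refusing NTLM fallback tokens is a choice made for this example.

```go
package main

import (
	"encoding/base64"
	"errors"
	"net/http"
	"strings"
)

// TokenValidator is a hypothetical hook: verify the ticket, return the AD principal.
type TokenValidator func(token []byte) (principal string, err error)

// negotiateToken extracts the raw token from "Authorization: Negotiate <base64>".
func negotiateToken(r *http.Request) ([]byte, error) {
	scheme, b64, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Negotiate") {
		return nil, errors.New("no Negotiate credentials")
	}
	tok, err := base64.StdEncoding.DecodeString(strings.TrimSpace(b64))
	if err != nil || len(tok) == 0 || strings.HasPrefix(string(tok), "NTLMSSP\x00") {
		return nil, errors.New("malformed or NTLM token") // NTLM fallback is refused
	}
	return tok, nil
}

// WinLogin answers 401 + "WWW-Authenticate: Negotiate" until the validator
// accepts a token; only then does it set the session cookie.
func WinLogin(validate TokenValidator, newSession func(principal string) string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		tok, err := negotiateToken(r)
		principal := ""
		if err == nil {
			principal, err = validate(tok) // identity comes from the ticket, never from a form field
		}
		if err != nil {
			w.Header().Set("WWW-Authenticate", "Negotiate")
			http.Error(w, "windows authentication failed", http.StatusUnauthorized)
			return
		}
		http.SetCookie(w, &http.Cookie{Name: "session", Value: newSession(principal),
			Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
		w.WriteHeader(http.StatusNoContent)
	}
}

func main() { // placeholder wiring: this stub validator rejects every token
	deny := func([]byte) (string, error) { return "", errors.New("no validator") }
	http.Handle("/WinLogin", WinLogin(deny, func(string) string { return "" }))
	_ = http.ListenAndServe("127.0.0.1:8080", nil)
}
```

In deployment the handler belongs behind TLS, because the cookie is marked Secure. The 401 response is what the /Login page's AJAX call sees when it falls back to showing the username and password fields.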
