Skip to content

sspiPackagesUsed: ['Negotiate'] is prompting user to login? #93

New issue
New issue
Open
Open
sspiPackagesUsed: ['Negotiate'] is prompting user to login?#93
@thegoatherder

Description

@thegoatherder
thegoatherder
opened on Feb 22, 2021

The following NodeSSPI options successfully auth a user (without prompting for credentials) accessing https://myhost:9990/ over XHR request (node v14.15.1):

options = {
  // sspi cache = 1 hour
  cacheTTL: process.env.AUTH_CACHE_TTL || 60000 * 60,
  // sspi initialisation settings
  retrieveGroups: true,
  authoritative: true,
  offerBasic: false,
  sspiPackagesUsed: ['NTLM']
};

We have been instructed by IT that NTLM is not allowed and we must use Negotiate authentication. This appears to be supported by NodeSSPI but I can’t get it to work properly.

When I try to update above config with:

sspiPackagesUsed: ['Negotiate', 'NTLM']

or

sspiPackagesUsed: ['Negotiate']

the browser accessing the service over XHR now prompts the user to enter their username and password for the request (tested in Chrome, Edge, IE11)

How can I use Negotiate authentication without prompting the user? Is Negotiate the correct value?

The site is already in the Intranet Security Zone. When I use Negotiate setting on an IIS .net site on the same domain/server, it successfully authenticates without prompting the user for credentials.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions