1

I implemented "express-ntlm" on my NodeJS server for to provide SSO login. It run well with Chrome: user's login and password are validated by the navigator... But with Firefox or Edge, it seems there is no check: you can enter any user login and a wrong password, but nothing is check, and these identities are send directly to the server.

How to force Firefox and Edge to check these identities ? Or, do I have to check these identities with a LDAP on the server ? (but the NTLM package doesn't provide the password...)

Didier68
  • 1,027
  • 12
  • 26
  • Is there any error when you login with Edge and Firefox? Do you use NTLM-Authentication without validation [like this](https://github.com/einfallstoll/express-ntlm#without-validation)? Have you enabled NTLM authentication in Edge and Firefox like which mentioned in [this doc](https://www.adaxes.com/help/EnableKerberosNTLMAuthentication/)? – Yu Zhou Jan 05 '22 at 09:54
  • Yes for the NTLM Authentification... The problem is that the browser can send any authentication data without any guarantee of its validity. I used another website from Firefox where the authentication is fine, but this site is hosted on IIS. And without having to force any parameterization ... However, it would not be logical that it is necessary to put a parameter to ensure that one will not falsify its identity. – Didier68 Jan 06 '22 at 21:06
  • Could you please provide [a minimal code snippet](https://stackoverflow.com/help/minimal-reproducible-example) and the steps to **reproduce the issue**? So that we can have a test and see how to help. – Yu Zhou Jan 07 '22 at 09:49

0 Answers0