jlguenego / node-expose-sspi

Expose Microsoft Windows SSPI to Node for SSO authentication.
ISC License

serverContextHandle not retrieved #103

Closed DanBrk closed 3 years ago

DanBrk commented 3 years ago

My Node.js application runs as an IIS site. The site is configured with Windows Authentication. I receive the error "serverContextHandle not retrieved". When the server runs stand-alone without IIS, it identifies the logged-in user. What is the meaning of this error and how can I fix it?

The trace looks like this:

statusInfo: Promise { }
messageType: NTLM_AUTHENTICATE_03
Error: serverContextHandle not retrieved.
    at D:\Portal\Purple-UI-Services\node_modules\node-expose-sspi\dist\sso\auth.js:113:27
    at D:\Portal\Purple-UI-Services\node_modules\node-expose-sspi\dist\sso\auth.js:190:11
    at Layer.handle [as handle_request] (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:317:13)
    at D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:335:12)
    at next (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:275:10)
    at urlencodedParser (D:\Portal\Purple-UI-Services\node_modules\body-parser\lib\types\urlencoded.js:100:7)
    at Layer.handle [as handle_request] (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:317:13)
    at D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:335:12)
    at next (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:275:10)
    at jsonParser (D:\Portal\Purple-UI-Services\node_modules\body-parser\lib\types\json.js:119:7)
    at Layer.handle [as handle_request] (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:317:13)
    at D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:335:12)
    at next (D:\Portal\Purple-UI-Services\node_modules\express\lib\router\index.js:275:10)
    at cors (D:\Portal\Purple-UI-Services\node_modules\cors\lib\index.js:188:7)
    at D:\Portal\Purple-UI-Services\node_modules\cors\lib\index.js:224:17
    at originCallback (D:\Portal\Purple-UI-Services\node_modules\cors\lib\index.js:214:15)

jlguenego commented 3 years ago

Please indicate more info (version, etc.). There is a template for raising issues. Please follow it.

If you are using an old version of node-expose-sspi it is possible that you have an issue with IIS.

DanBrk commented 3 years ago

I am using node-expose-sspi: "0.1.59" with NodeJs version 12.21. The machine is Windows Server 2016 and it is part of an Active Directory domain.

My application, which includes node-expose-sspi, runs with node.exe and it is behind an IIS reverse proxy site. The IIS site is configured with 'Windows Authentication' (in the site's authentication settings).

My client sends an HTTP GET command with a Negotiate header to the IIS. From the IIS logs I can see that the context user is correct, in my case 'user2b@storenext.co.il'. These are the IIS logs:

2021-07-28 06:20:27 172.16.3.118 GET /service/user/ X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=71bdc519-e623-4dea-ac7a-45d854512e72&SERVER-STATUS=400 9711 user2b@storenext.co.il 212.143.74.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/92.0.4515.107+Safari/537.36+Edg/92.0.902.55 https://saml-tst.storenext.co.il/purple-land/ 400 0 0 0

node-expose-sspi in my node application throws: UnauthorizedError: SEC_E_LOGON_DENIED. (incorrect login/password, or account disabled, or locked, etc.). Protocol Message = Kerberos_1.

What do I need to make it work?

geoffbarcalow commented 3 years ago

I'm getting the same error, but with a different environment; mine are the result of unit tests in Postman. The first two tests will work just fine, but then they all fail. Slowing down the tests doesn't help; I thought maybe they were being sent too fast.

    at next (c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\express\lib\router\index.js:275:10)
    at query (c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\express\lib\middleware\query.js:45:5)
    at Layer.handle [as handle_request] (c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\express\lib\router\index.js:317:13)
statusInfo: Promise { <pending> }
messageType: NTLM_AUTHENTICATE_03
UnauthorizedError: Error while doing SSO: serverContextHandle not retrieved.
    at c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\node-expose-sspi\src\sso\auth.ts:241:25
    at c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\node-expose-sspi\src\sso\auth.ts:243:7
    at Layer.handle [as handle_request] (c:\Users\geoffb\Projects\ctIntranet22\ctNetApi\node_modules\express\lib\router\layer.js:95:5)

Forgive my ignorance, how important is it to cache context in ServerContextHandleManager? Maybe an option to disable the cache?

DanBrk commented 3 years ago

Opened another issue instead