s-KaiNet / node-sp-auth

Unattended SharePoint http authentication with nodejs
MIT License

TypeError: callback is not a function #21

Closed brianlagerman closed 7 years ago

brianlagerman commented 7 years ago

I'm getting an "Unhandled rejection TypeError: callback is not a function" when using OnPremiseUserCredentials.

The error is getting thrown in parseType2Message from ntlm.js: callback(new Error("Couldn't find NTLM in the message type2 comming from the server"));

with the offending line in OnPremiseUserCredentials : let type2msg: any = ntlm.parseType2Message(response.headers['www-authenticate']);

In my case it sure appears that I'm not getting the right server response, but it would be better if the OnPremiseUserCredentials resolver would bubble up the error message by providing the callback and rejecting the promise...

s-KaiNet commented 7 years ago

You're right...good point indeed. Will add it in the next release.
A few questions regarding your issue:

brianlagerman commented 7 years ago

I tried another round using the On demand version via electron, and got a different error (Error: Cookie array is empty) which is pointing me in the right direction.

Our SharePoint 2016 is set to use Negotiate (Kerberos), and I do see valid NTLM headers (eventually) through Fiddler when browsing directly:

-[NTLM Type2: Challenge]------------------------------
Provider: NTLMSSP
Type: 2
OS Version: 6.3:9600
Flags: 0xa2898205
    Unicode supported in security buffer.
    Request server's authentication realm included in Type2 reply.
    NTLM authentication.
    Negotiate Always Sign.
    Negotiate NTLM2 Key.
    Target Information block provided for use in calculation of the NTLMv2 response.
    Supports 56-bit encryption.
    Supports 128-bit encryption.
Challenge: 7A 74 F7 BC B9 47 CC 67
WWW-Authenticate Header is present: Negotiate

Thing is, we have a Citrix NetScaler appliance sitting in the middle. When running the on demand version I see only these 3 cookies, and no authentication header, in the initial response:

"{"name":"NSC_TMAA","value":"{val}","domain":"{host}","hostOnly":true,"path":"/","secure":false,"httpOnly":false,"session":true}"
"{"name":"NSC_TMAS","value":"{val}","domain":"{host}","hostOnly":true,"path":"/","secure":true,"httpOnly":false,"session":true}"
"{"name":"NSC_PERS","value":"{val}","domain":"{host}","hostOnly":true,"path":"/","secure":false,"httpOnly":false,"session":false,"expirationDate":1510592853.577268}"

As none of these are httpOnly, the OnDemand resolver gives up here.

So I'm assuming at this point that in order for me to get this working I would need to capture this initial response (probably through a new resolver or some intercept) and make another request. Could be a pretty deep rabbit hole...

s-KaiNet commented 7 years ago

Now I see... unfortunately Kerberos isn't supported; all I can recommend is to extend your web app to another supported authentication, NTLM for example.
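
An added example, not part of the thread and not node-sp-auth or ntlm.js source: one way to surface the failure discussed above as a promise rejection, so that a Negotiate-only or header-less response (as seen behind the NetScaler) yields a readable error instead of "callback is not a function". The names parseType2, getType2Challenge and buildSampleType2 are hypothetical, and the sample message is constructed from the flags and challenge values in the Fiddler output.

```javascript
// Added example: hypothetical helpers, not node-sp-auth or ntlm.js source.
const SIGNATURE = Buffer.from('NTLMSSP\0', 'ascii');

// Callback-style parser, mirroring the shape described in the issue:
// errors are handed to `callback` instead of being thrown.
function parseType2(rawHeader, callback) {
  // The header may list several schemes, e.g. "Negotiate, NTLM <base64>".
  const match = /(?:^|,\s*)NTLM\s+([A-Za-z0-9+\/=]+)/i.exec(rawHeader || '');
  if (!match) {
    const seen = rawHeader || '(header missing)';
    return callback(new Error(`No NTLM challenge in WWW-Authenticate: ${seen}`));
  }
  const buf = Buffer.from(match[1], 'base64');
  // A type 2 message needs signature(8) + type(4) + target(8) + flags(4) + challenge(8).
  if (buf.length < 32 || !buf.subarray(0, 8).equals(SIGNATURE)) {
    return callback(new Error('Malformed NTLM message: bad signature or length'));
  }
  const type = buf.readUInt32LE(8);
  if (type !== 2) {
    return callback(new Error(`Expected NTLM type 2, got type ${type}`));
  }
  return callback(null, {
    flags: buf.readUInt32LE(20),
    challenge: buf.subarray(24, 32).toString('hex'),
  });
}

// Promise wrapper: always supplies the callback, so a bad server response
// becomes a rejection the caller can handle.
function getType2Challenge(headers) {
  return new Promise((resolve, reject) => {
    parseType2(headers['www-authenticate'], (err, msg) => (err ? reject(err) : resolve(msg)));
  });
}

// Constructed sample: a minimal type 2 message carrying the flags and
// challenge from the Fiddler output (no target name or target info block).
function buildSampleType2() {
  const buf = Buffer.alloc(32);
  SIGNATURE.copy(buf, 0);
  buf.writeUInt32LE(2, 8);
  buf.writeUInt32LE(0xa2898205, 20);
  Buffer.from('7a74f7bcb947cc67', 'hex').copy(buf, 24);
  return 'NTLM ' + buf.toString('base64');
}
```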