Created
August 7, 2015 13:27
Node.js HTTP client with kerberos/gssapi/negotiate/spnego authentication
//
// tested with kerberos 0.0.12 on linux against apache running mod_auth_kerb with Samba AD providing KDC
//
// Node core HTTP client; note this is plain `http`, not `https`.
var http = require('http');
// GSSAPI bindings from the `kerberos` package. One client instance is
// created at load time and shared by every request in this file.
var Kerberos = require('kerberos').Kerberos;
var kerberos = new Kerberos();
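/**
 * Issues an HTTP GET and, when the server answers 401 and offers the
 * Negotiate scheme, retries once with a Kerberos/SPNEGO token.
 *
 * Security notes:
 * - The request goes through the plain `http` module, so the Negotiate token
 *   and the response body travel unencrypted. Prefer `https` outside a lab.
 * - The Authorization header value is a bearer-style credential and is never
 *   written to the log; only its presence is reported.
 * - A 401 that arrives after a token was already sent is handed to `callback`
 *   instead of being retried, so a rejecting server cannot cause an endless
 *   negotiate/401 loop.
 *
 * @param {Object} opts - options accepted by `http.get` (hostname/host, path, headers, ...).
 * @param {function(http.IncomingMessage)} callback - receives the final response,
 *   including a 401 that could not be (or was not) answered with Negotiate.
 * @returns {http.ClientRequest} the first request; a retry is announced on it
 *   through the unofficial 'resubmit' event.
 */
function httpget(opts, callback) {
  var sentHeaders = opts.headers || {};
  // Header names are case-insensitive, so look for any spelling.
  var hasAuthorization = Object.keys(sentHeaders).some(function(name) {
    return name.toLowerCase() === 'authorization';
  });

  console.log('submitting to ' + (opts.hostname || opts.host) +
    ' with authorization header: ' + (hasAuthorization ? '[redacted]' : 'none'));

  var req = http.get(opts, function(res) {
    // Only send a ticket to a server that actually asked for Negotiate.
    var offered = String(res.headers['www-authenticate'] || '');
    var negotiateOffered = /(^|,)\s*Negotiate\b/i.test(offered);

    if (res.statusCode === 401 && negotiateOffered && !hasAuthorization) {
      // Drain the 401 body so the socket is released before the retry.
      res.resume();
      submitWithAuthorization(req, opts, callback);
      return;
    }
    callback(res);
  });
  return req;
}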
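/**
 * Obtains a SPNEGO token for the service `HTTP@<host>` from the local
 * Kerberos credentials and re-issues the request with an
 * `Authorization: Negotiate <token>` header.
 *
 * Behaviour worth knowing:
 * - The token is never logged; it is a credential for the target service.
 * - The retry uses a copy of `opts`, so the caller's options object does not
 *   keep a stale token that would be replayed on a later request.
 * - Failures (init, step, empty token, cleanup) are reported as an 'error'
 *   event on `oldreq` instead of being thrown from inside a native callback,
 *   and the GSS context is released on the failure paths as well.
 * - NOTE(review): the server's reply token on the authenticated response is
 *   never passed back to authGSSClientStep, so the server's identity is not
 *   verified here (no mutual authentication).
 *
 * @param {http.ClientRequest} oldreq - the request that received the 401; the
 *   retry is announced on it through the unofficial 'resubmit' event.
 * @param {Object} opts - the options used for the original request.
 * @param {function(http.IncomingMessage)} callback - receives the retry's response.
 */
function submitWithAuthorization(oldreq, opts, callback) {
  var target = opts.hostname || opts.host;

  function fail(err) {
    oldreq.emit('error', new Error('' + err));
  }

  // Flags argument is left at 0, as in the original example.
  kerberos.authGSSClientInit('HTTP@' + target, 0, function(initErr, ctx) {
    if (initErr) {
      fail(initErr);
      return;
    }
    console.log('done init');

    kerberos.authGSSClientStep(ctx, '', function(stepErr) {
      var failure = stepErr;
      // Without this check the header would read "Negotiate undefined".
      if (!failure && !ctx.response) {
        failure = 'GSSAPI step returned no token';
      }

      if (!failure) {
        console.log('done step');

        // Shallow copies keep the token out of the caller's objects.
        var retryOpts = {};
        Object.keys(opts).forEach(function(key) {
          retryOpts[key] = opts[key];
        });
        var headers = {};
        Object.keys(opts.headers || {}).forEach(function(name) {
          headers[name] = opts.headers[name];
        });
        headers.authorization = 'Negotiate ' + ctx.response;
        retryOpts.headers = headers;

        var newreq = httpget(retryOpts, callback);
        // tell oldreq's "owner" about newreq. resubmit is an "unofficial" event
        oldreq.emit('resubmit', newreq);
      }

      // Always release the context, whether or not a request was sent.
      kerberos.authGSSClientClean(ctx, function(cleanErr) {
        if (failure || cleanErr) {
          fail(failure || cleanErr);
        }
      });
    });
  });
}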
// ////////////////////////////////////////////////////////////////// | |
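// Example usage: fetch "/" from a SPNEGO-protected host and print the body.
// A valid Kerberos ticket cache must already exist for the current user.
var options = {
  hostname: 'somehost.protected.by.spnego.example.com',
  path: '/'
};

// Follows the request chain: every request (the first one and each retry)
// gets an 'error' handler, and `req` always points at the latest request.
function trackRequest(request) {
  request.on('error', function(err) {
    console.error('request failed: ' + err.message);
    // Keep a non-zero exit status, as an unhandled 'error' event would give.
    process.exitCode = 1;
  });
  request.on('resubmit', function(newreq) {
    console.log('request resubmitted');
    req = newreq;
    trackRequest(newreq);
  });
}

var req = httpget(options, function(res) {
  var body = '';
  // Decode as UTF-8 so multi-byte characters split across chunks are not garbled.
  res.setEncoding('utf8');
  res.on('data', function(chunk) {
    body += chunk;
  });
  res.on('end', function() {
    console.log('BODY: ' + body);
  });
});
trackRequest(req);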
@91pavan try running `kinit -f` in your terminal prior to running this script.
I keep getting undefined for the security header output. Any suggestions?
What can be done to make it work on Windows?
Hi @dmansfield, thanks for the gist. Very useful..
When I execute this, I get the following error :
Any idea how I can fix this?
Should there be a keytab file for the user against which I'm authenticating? If so, where should I place it?