[FEATURE] Allow Integrated Authentication for all environments #11
Comments
|
Hi Apurv, Thank you for the feedback. We ask (and encrypt) for passwords as they are supplied to other tools during your session (e.g. CrmSvcUtil), in addition to WebAPI requests (where possible). We do have some backlog around AD login, and it is currently possible to use Azure AD connections without user credentials as client secret/client key if you've configured your AD tenant to do so. I think what you're asking for is 2 fold:
#2 is certainly feasible and something we will add to our backlog. There's quite a bit of infra in place to make this work, and we will look at prioritizing this for 0.9.0. As #1 goes, we're a bit at the whim of auth protocols available to nodeJs's runtime, and SSPI/Windows auth hasn't been one of them (until recently). This post from StackOverflow does a pretty good job of outlining the details: https://stackoverflow.com/questions/13949163/windows-integrated-authentication-in-node-js-client Here's the challenge. The end-user would need to be on a corporate network that's using Kerberos (not just NTLM) and not using constrained delegation (node-sspi doesn't resolve the SPN's for constrained delegation well). We've toyed with the scenario and felt that the development cost was high vs. the anticipated customer count that would rely on this feature. Now, that all being said... we're happy to be wrong and to reconsider. I'll leave the conversation open here for additional feedback. |
Description:
It looks like you cannot authenticate until and unless you've provided username and password. I would hesitant to provide password specifically when I am working in a corp network.
Potential Resolution
1- OnPremise - Allow Integrated Auth
2- OAuth/AD/CDS Online - Allow using AD Login (wiz. Prompting for user/password consent screen)
The text was updated successfully, but these errors were encountered: