Active Directory SSO for Meteor, Server Component
npm install meteor-ad-ssoActive Directory Single Sign On Authentication and Authorization for Meteor
This component runs inside Internet Information Server on a Microsoft Windows
domain. It uses Tomasz Janczuk's iisnode to integrate the node
process with IIS. IIS handles Windows Authentication using the negotiate protocol.
Once this authentication is complete, the authenticated user information and a token
will be passed to the appropriate Meteor server.
The same iisnode component may serve multiple Meteor applications.
* Install IIS and iisnode (instructions)
* Install the IIS rewrite module if not already done.
* Get the iisnode component folder into a directory on the IIS server (e.x. npm install meteor-ad-sso )
* Configure config.json as instructed below
* Adjust any firewalls needed. IIS server must be able to HTTP post to Meteor server
* From the IIS manager, add a new site and point it to the iisnode folder.
* Configure IIS to require Windows Authentication and disable Anonymous Authentication.
!Screenshot of Windows Authentication
Configuration is set in config.json.
{
"basePath" : "auth",
"apps" : {
"default" : "http://10.0.100.1:3000/ssoauth",
"messaging" : "http://10.0.100.2:3000/ssoauth"
},
"debug" : false,
"serverToken" : "5c292f53-3e7e-4d65-89f6-6f316d9b26df"
}
basePath is used to determine the iisnode path. Adjust this to avoid path conflicts as needed.
apps is an object used to determine which Meteor server to notify when a successful Windows
Authentication has been established. Each app should have a unique name, and a path to that
Meteor app, to notify it.
debug enables some console.loging which can be viewed at http://server/basepath/iisnode.