Are you sure you want to delete this task? Once this task is deleted, it cannot be recovered.
lewis e28644e8d9 | 1 year ago | |
---|---|---|
.. | ||
secctx | 1 year ago | |
.gitignore | 4 years ago | |
.travis.yml | 4 years ago | |
LICENSE | 4 years ago | |
README.md | 4 years ago | |
go.mod | 4 years ago | |
go.sum | 4 years ago | |
userinfo.go | 4 years ago | |
utf16.go | 4 years ago | |
websspi_windows.go | 4 years ago | |
win32_windows.go | 4 years ago |
websspi
will be an HTTP middleware for Golang that uses Kerberos for single sign-on (SSO) authentication of browser based clients in a Windows environment.
The main goal is to create a middleware that performs authentication of HTTP requests without the need to create or use keytab files.
The middleware will implement the scheme defined by RFC4559 (SPNEGO-based HTTP Authentication in Microsoft Windows) to exchange security tokens via HTTP headers and will use SSPI (Security Support Provider Interface) to authenticate HTTP requests.
The examples directory contains a simple web server that demonstrates how to use the package.
Before trying it, you need to prepare your environment:
Create a separate user account in active directory, under which the web server process will be running (eg. user
under the domain.local
domain)
Create a service principal name for the host with class HTTP:
Start Command prompt or PowerShell as domain administrator
Run the command below, replacing host.domain.local
with the fully qualified domain name of the server where the web application will be running, and domain\user
with the name of the account created in step 1.:
setspn -A HTTP/host.domain.local domain\user
Start the web server app under the account created in step 1.
If you are using Chrome, Edge or Internet Explorer, add the URL of the web app to the Local intranet sites (Internet Options -> Security -> Local intranet -> Sites
)
Start Chrome, Edge or Internet Explorer and navigate to the URL of the web app (eg. http://host.domain.local:9000
)
The web app should greet you with the name of your AD account without asking you to login. In case it doesn't, make sure that:
Local intranet
zoneIntegrated Windows Authentication
should be enabled in Internet Explorer (under Advanced settings
)本项目是群体化方法与技术的开源实现案例,在基于Gitea的基础上,进一步支持社交化的协同开发、协同学习、协同研究等群体创新实践服务,特别是针对新一代人工智能技术特点,重点支持项目管理、git代码管理、大数据集存储管理与智能计算平台接入。
Go SVG JavaScript Vue HTML other
Dear OpenI User
Thank you for your continuous support to the Openl Qizhi Community AI Collaboration Platform. In order to protect your usage rights and ensure network security, we updated the Openl Qizhi Community AI Collaboration Platform Usage Agreement in January 2024. The updated agreement specifies that users are prohibited from using intranet penetration tools. After you click "Agree and continue", you can continue to use our services. Thank you for your cooperation and understanding.
For more agreement content, please refer to the《Openl Qizhi Community AI Collaboration Platform Usage Agreement》