Document behavior with hostname redirection
bruceceng opened this issue · comments
In order to authenticate the server hostname must be a specific value (I have only tested "http://localhost:3000/"). If I try to authenticate with http://sspi.auth.local:3000/ (where sspi.auth.local redirects to localhost in the windows hosts file) then the authentication fails.
I guess this is by the design of Kerberos and/or NTLM that the browser (client) must only generate correct credentials for a proper server name. It just seems like this could be better documented.
I encountered the problem when testing a server with HTTPS, since many solutions suggest setting the fully qualified domain name specified in the certificate to a form like "[testname].local".
After some investigation I found that the client can be called with setTargetName("localhost") even when connecting to http://sspi.auth.local:3000 and get the correct behavior.
I added at the top of the README two links that will be completed with times, and user feedback. One of them is about error analysis.
I started with your use case.
Hope this help.