I am develoing in a corporate AD environment and want to setup SSO using Kerberos for an Angular 7 web application. Our server infrastructure is Linux/RHEL so IIS is not an option, Tomcat Apache or Nginx are most likely to enact kerberos sso functionality.
We are familiar with configuring Tomcat Apache and Spring Security Kerberos for java web applications, however as the Angular application runs on the client, I don't understand how to access the authenticated user's data from within the Angular typescript code.
Is there an option to have a reverse proxy intercept the call to the Angular app, authorize using Kerberos and resolve the employeeId (our orginization's unique identifier in AD typically returned by kerberos) and 'pass it through' to the Angular application - and how to access that information in the App. We can subsequently perform all the AD Group authorization and User details look-ups with calls to services we're happy to write.
Or prehaps to again intercept an unauthorized call and populate a jwt that we can then pass to the Angular app. This should all happen seamlessly before there is any user interaction with the app. Any Patterns or suggestions very gratefully recieved ... thx for your considerations.
