...
NodeJS handles AD authentication, using passport with passport-ldapauth strategy. Then responds with ssoSessionId & ssoUserId, if authentication successful.
PASOES passes back to Client the ssoSessionId & ssoUserId.
Note: node-main is hidden behind PASOE server from the client's perspective.
...