This project is read-only.









WAFFLE - Windows Authentication Functional Framework (Light Edition) is a native C# and Java library that does everything Windows authentication (Negotiate, NTLM and Kerberos).

Short Story

Most people will be interested in one of the following.

  • Simple native interfaces in C# and Java to do all things Windows authentication.
  • A generic Servlet Negotiate (NTLM and Kerberos) Security Filter - Tutorial.
  • A Tomcat Negotiate (NTLM and Kerberos) Authenticator Valve - Tutorial.
  • A Tomcat Single Sign-On + Form Authentication Mixed Valve - Tutorial.
  • A Spring-Security Negotiate (NTLM and Kerberos) Filter - Totorial.
  • A Spring-Security Windows Authentication Manager
  • A JAAS Login Module - Tutorial.
  • If you're using Tomcat, Jetty or Websphere with an IIS front-end to do authentication only, Waffle will allow you to get rid of IIS.

Unlike many other implementations WAFFLE on Windows does not usually require any server-side Kerberos keytab setup, it's a drop-in solution. You can see it in action in this slightly blurry video produced for

Waffle was created and is sponsored by Application Security Inc.. For a long story, read the Project History. Also, feel free to use this PowerPoint presentation for your teams.


  • Account lookup locally and in Active Directory via Win32 API with zero configuration.
  • Enumerating Active Directory domains and domain information.
  • Returns computer domain / workgroup join information.
  • Supports logon for local and domain users returning consistent fully qualified names, identity (SIDs), local and domain groups, including nested.
  • Supports all functions required for implementing server-side single-signon with Negotiate and NTLM and various implementations for Java web servers.
  • Supports Windows Identity impersonation.
  • Includes a Windows Installer Merge Module for distribution of C# binaries.


This is a free project. The least you can do is reply to Are you using WAFFLE in your product?. We also love good ratings! Your time is much appreciated.


Read Troubleshooting Negotiate and Frequently Asked Questions. Don't hesitate to post questions into Discussions.


There're three 1.4 forks, 1.4-tomcat-5 (Beta), 1.4-tomcat-7 and 1.4-spring-security-2 (Beta).

Last edited May 2, 2012 at 2:58 AM by dblock, version 51