"Wrong user"

Oct 7, 2010 at 8:27 AM

Hi,

 

It's me again, and with a new problems ;-)

I have tried the different demos (filter and negotiate), and get something special...

1.

I have a put waffle-filter demo on a tomcat on a server named here 'A'.

Tomcat is started with a local account 'ServerA\LocalAccountOnServerA'

I then start IE on that server with that account, and get on waffle demo the right user :  ServerA\LocalAccountOnServerA

Then I go to my client computer named here 'B'

I start IE, and go tho the waffle-filter URL, and I get the login dialog box (!) If I fill it with my network account, I get the right name 'XYZ\U12345' on te waffle-filter jsp page...

but why is the login dialog box back again ? (it does not appears when I am on the local account on the server)

2.

I tried the other demo (waffle-negotiate) which do not use the filter.

I modify the web.xml ('Everyone' -> 'Tout le monde')

I start IE on the client size (Computer B where I am logged with my network account), and go tho the waffle-negotiate URL, and there it take a long time.........

....and at the end (without login dialog box) I did NOT get my network account BUT the  ServerA\LocalAccountOnServerA which is the local user I used to start tomcat !!!!!

 

Can you help me (again) ???

Tanks

 

 

Coordinator
Oct 7, 2010 at 1:06 PM

Comparing scenarios just adds confusion, lets treat them separately.

  1. When you login local -> local you are doing NTLMv2 authentication which does not involve a domain - those are both local accounts. That just works, your browser thinks the local computer is trusted and NTLM seems to succeed.
  2. When you try to login from a remote machine (on which I assume you logged in as xyz\u12345, xyz being an active directory domain) you get a popup. There're many possible reasons, the most obvious is that your browser doesn't believe that the server is on the intranet. The least obvious reasons need some debugging, you need to post the server log for the failed login.
  3. The last scenario is actually the least confusing. It seems like you end up not doing a logon at all (so you end up running as the user who runs Tomcat). So the browser never thinks of supplying authentication. I would confirm that by looking at an HTTP trace.

 

 

 

 

Oct 8, 2010 at 3:04 PM

I have redo the two experiences....

1. The waffle-filter demo :

- Tomcat started on a sever A with local user on port 8089 (http) (at 15:30)

- Client IE with login U12345 on XYZ. On that IE, I have the settings (registry) :

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]  ... "EnableNegotiate"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mydomain.com\myserver] "http"=dword:00000001

URL : http://myserver.mydomain.com:8089/waffle-filter (at 15:32)

Login dialog box appears. At 15:33 I write down the AD login (XYZ\U12345)  and I get the waffle-filter screen

The tomcat logs is :

8 oct. 2010 15:30:43 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: d:\Appl\Tomcat6\bin;.;C:\WINNT\Sun\Java\bin;C:\WINNT\system32;C:\WINNT;D:\Appl\JOnAS-4.8.4\ant\bin;D:\Appl\Java\j2sdk\bin;D:\Appl\JOnAS-4.8.4\bin\nt
8 oct. 2010 15:30:47 org.apache.coyote.http11.Http11Protocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:30:47 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 7446 ms
8 oct. 2010 15:30:47 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
8 oct. 2010 15:30:47 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
8 oct. 2010 15:30:47 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration host-manager.xml
8 oct. 2010 15:30:48 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:49 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration manager.xml
8 oct. 2010 15:30:49 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:49 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration waffle-filter.xml
8 oct. 2010 15:30:49 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:50 waffle.servlet.spi.SecurityFilterProviderCollection <init>
INFO: loading 'waffle.servlet.spi.BasicSecurityFilterProvider'
8 oct. 2010 15:30:50 waffle.servlet.spi.SecurityFilterProviderCollection <init>
INFO: loading 'waffle.servlet.spi.NegotiateSecurityFilterProvider'
8 oct. 2010 15:30:50 waffle.servlet.NegotiateSecurityFilter init
INFO: [waffle.servlet.NegotiateSecurityFilter] started
8 oct. 2010 15:30:50 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration waffle-negotiate.xml
8 oct. 2010 15:30:50 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:50 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:50 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Déploiement du répertoire ROOT de l'application web
8 oct. 2010 15:30:50 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:30:50 org.apache.coyote.http11.Http11Protocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:30:50 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
8 oct. 2010 15:30:50 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/94 config=null
8 oct. 2010 15:30:50 org.apache.catalina.startup.Catalina start
INFO: Server startup in 3536 ms
8 oct. 2010 15:31:03 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /waffle-filter/, contentlength: -1
8 oct. 2010 15:31:03 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: authorization required
8 oct. 2010 15:32:07 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /waffle-filter/, contentlength: -1
8 oct. 2010 15:32:10 waffle.servlet.NegotiateSecurityFilter doFilter
INFO: successfully logged in user: XYZ\U12345
8 oct. 2010 15:32:46 org.apache.coyote.http11.Http11Protocol pause
INFO: Suspension de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:32:47 org.apache.catalina.core.StandardService stop
INFO: Arrêt du service Catalina
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 waffle.servlet.NegotiateSecurityFilter destroy
INFO: [waffle.servlet.NegotiateSecurityFilter] stopped
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:32:47 org.apache.coyote.http11.Http11Protocol destroy
INFO: Arrêt de Coyote HTTP/1.1 sur http-8098

and the second experience...

2.  waffle-negotiate

- At 15:34 on IE I send the URL : http://http://myserver.mydomain.com:8089/waffle-negotiate/

- There no login dialog box.... but after a quiet long time.... the waffle-negotiate with the local tomcat login (ServerA\LocalAccountOnServerA) !

The log trace is :

8 oct. 2010 15:34:01 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: d:\Appl\Tomcat6\bin;.;C:\WINNT\Sun\Java\bin;C:\WINNT\system32;C:\WINNT;D:\Appl\JOnAS-4.8.4\ant\bin;D:\Appl\Java\j2sdk\bin;D:\Appl\JOnAS-4.8.4\bin\nt
8 oct. 2010 15:34:02 org.apache.coyote.http11.Http11Protocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:34:02 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1994 ms
8 oct. 2010 15:34:02 org.apache.catalina.core.StandardService start


INFO: Démarrage du service Catalina
8 oct. 2010 15:34:02 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
8 oct. 2010 15:34:02 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration host-manager.xml
8 oct. 2010 15:34:02 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration manager.xml
8 oct. 2010 15:34:03 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration waffle-filter.xml
8 oct. 2010 15:34:03 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 waffle.servlet.spi.SecurityFilterProviderCollection <init>
INFO: loading 'waffle.servlet.spi.BasicSecurityFilterProvider'
8 oct. 2010 15:34:03 waffle.servlet.spi.SecurityFilterProviderCollection <init>
INFO: loading 'waffle.servlet.spi.NegotiateSecurityFilterProvider'
8 oct. 2010 15:34:03 waffle.servlet.NegotiateSecurityFilter init
INFO: [waffle.servlet.NegotiateSecurityFilter] started
8 oct. 2010 15:34:03 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Déploiement du descripteur de configuration waffle-negotiate.xml
8 oct. 2010 15:34:03 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Déploiement du répertoire ROOT de l'application web
8 oct. 2010 15:34:03 waffle.apache.NegotiateAuthenticator start
INFO: [waffle.apache.NegotiateAuthenticator] started
8 oct. 2010 15:34:03 org.apache.coyote.http11.Http11Protocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:34:03 org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
8 oct. 2010 15:34:03 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/63 config=null
8 oct. 2010 15:34:03 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1703 ms
8 oct. 2010 15:34:30 waffle.apache.NegotiateAuthenticator authenticate
INFO: GET /waffle-negotiate/, contentlength: -1
8 oct. 2010 15:34:30 waffle.apache.NegotiateAuthenticator authenticate
INFO: authorization: <none>, ntlm post: false
8 oct. 2010 15:34:30 waffle.apache.NegotiateAuthenticator authenticate
INFO: authorization required
8 oct. 2010 15:34:51 waffle.apache.NegotiateAuthenticator authenticate
INFO: GET /waffle-negotiate/, contentlength: -1
8 oct. 2010 15:34:51 waffle.apache.NegotiateAuthenticator authenticate
INFO: authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==, ntlm post: false
8 oct. 2010 15:34:51 waffle.apache.NegotiateAuthenticator authenticate
INFO: security package: Negotiate, connection id: 10.3.108.144:2783
8 oct. 2010 15:34:51 waffle.apache.NegotiateAuthenticator authenticate
INFO: token buffer: 40 byte(s)
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: continue required: true
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: continue token: TlRMTVNTUAACAAAACgAKADgAAAAFgomiDQn/tUA64VMAAAAAAAAAAHAAcABCAAAABQCTCAAAAA9WAEQAQQBEADEAAgAKAFYARABBAEQAMQABABAASABTAFYAMAAwADIAMABTAAQAGAB2AGQAYQBkADEALgBiAGMAdgAuAGMAaAADACoAaABzAHYAMAAwADIAMABzAC4AdgBkAGEAZAAxAC4AYgBjAHYALgBjAGgAAAAAAA==
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: GET /waffle-negotiate/, contentlength: -1
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAABAAEABIAAAAEgASAFgAAAAQABAAagAAAAAAAACqAAAABYKIogUBKAoAAAAPSABTAFYAMAAwADIAMABzAFUARQBQAEkAQwBBAFIARAAxAEgAUwBWADAAMgA5ADAAOACQxMpvj6bY7QAAAAAAAAAAAAAAAAAAAAC1Mv53zTqbl/APtV8Lb3sVyFZB+vNDAOg=, ntlm post: false
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: security package: Negotiate, connection id: 10.3.108.144:2783
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: token buffer: 170 byte(s)
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: continue required: false
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: logged in user:ServerA\LocalAccountOnServerA (S-1-5-21-1960408961-790525478-682003330-1013)
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: roles: BUILTIN\Administrators, BUILTIN\Users, Everyone, ServerA\None, ServerA\LocalAccountOnServerA, NT AUTHORITY\Authenticated Users, NT AUTHORITY\NETWORK
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: session id:E0322D0686DA2A8F0CCF520F23FF5762
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: successfully logged in user: ServerA\LocalAccountOnServerA
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: GET /waffle-negotiate/, contentlength: -1
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAABAAEABIAAAAEgASAFgAAAAQABAAagAAAAAAAACqAAAABYKIogUBKAoAAAAPSABTAFYAMAAwADIAMABzAFUARQBQAEkAQwBBAFIARAAxAEgAUwBWADAAMgA5ADAAOACQxMpvj6bY7QAAAAAAAAAAAAAAAAAAAAC1Mv53zTqbl/APtV8Lb3sVyFZB+vNDAOg=, ntlm post: false
8 oct. 2010 15:34:52 waffle.apache.NegotiateAuthenticator authenticate
INFO: previously authenticated user: ServerA\LocalAccountOnServerA
8 oct. 2010 15:37:50 org.apache.coyote.http11.Http11Protocol pause
INFO: Suspension de Coyote HTTP/1.1 sur http-8098
8 oct. 2010 15:37:51 org.apache.catalina.core.StandardService stop
INFO: Arrêt du service Catalina
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 waffle.servlet.NegotiateSecurityFilter destroy
INFO: [waffle.servlet.NegotiateSecurityFilter] stopped
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 waffle.apache.NegotiateAuthenticator stop
INFO: [waffle.apache.NegotiateAuthenticator] stopped
8 oct. 2010 15:37:51 org.apache.coyote.http11.Http11Protocol destroy
INFO: Arrêt de Coyote HTTP/1.1 sur http-8098

 I will try to sniff the http communication, but have a still problems to let the sniffer working.... one problem more !

 

 

 

Coordinator
Oct 8, 2010 at 3:42 PM

Both are a client-side problem. The browser isn't sending the correct headers. Focus on the first scneario - is your browser saying that you're in the Intranet Zone? If so, post an HTTP trace (try IEHttpHeaders).

Oct 8, 2010 at 9:57 PM

hum hum.... with the first scenario, the browser say 'local intranet'

and the trace is :

GET /waffle-filter/ HTTP/1.1
Host: myserver.mydomain.com:8098
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 401 Non-Autorisé
Server: Apache-Coyote/1.1
WWW-Authenticate: Basic realm="WaffleFilterDemo"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 965
Date: Fri, 08 Oct 2010 21:02:05 GMT
---------------------------------------------------------- <<<<< Login Dialog Box

GET /waffle-filter/ HTTP/1.1
Host: myserver.mydomain.com:8098
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Basic xxxxx

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5F3C4596C86CBDD76912B64459B404E7; Path=/waffle-filter
Content-Type: text/html
Content-Length: 3415
Date: Fri, 08 Oct 2010 21:02:36 GMT

Coordinator
Oct 8, 2010 at 10:01 PM

That's an easy one. The first WWW-Authenticate is WWW-Authenticate: Basic realm="WaffleFilterDemo". That shouldn't be there (or it should bethe last header). The order of providers is wrong. Did you make any changes to the configuration?

Oct 8, 2010 at 10:10 PM

if you mean "web.xml" for configuration, no, just out of the box ! and to be sure , I just unzip again the demo and try again.... always the same !

 

Coordinator
Oct 9, 2010 at 1:37 PM

I believe you :) First, are you trying this with Waffle 1.3 or 1.4 beta? Double-check that you're replacing waffle-jna.jar if you're trying 1.4 demos. Maybe get a clean version of Tomcat and place the JARs in all the right places, just to make sure that nothing is polluting the test.

What we should be getting is:

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="WaffleFilterDemo"

Note the order. In the demo's WEB-INF/web.xml there's a section that says

 <init-param>
  <param-name>securityFilterProviders</param-name> 
  <param-value>waffle.servlet.spi.NegotiateSecurityFilterProvider waffle.servlet.spi.BasicSecurityFilterProvider</param-value> 
 </init-param>

If it were read correctly, this would be the order of filters: Negotiate, then Basic. On your setup the reverse is happening. For starters, simply remove the BasicSecurityFilterProvider entry from the configuration and see if that is picked up.

If this gets you nowhere, I am curious to see what's going on. If you want, I can do a webex on Monday morning New York time (early afternoon in France).

Oct 11, 2010 at 6:26 AM

on the right way, but the way seems to be long.......

with

<init-param>
<param-name>securityFilterProviders</param-name>
<param-value>
waffle.servlet.spi.NegotiateSecurityFilterProvider
waffle.servlet.spi.BasicSecurityFilterProvider
</param-value>
</init-param>

the login dialog box does not appears any more :-)))))

But ( because there is always a 'but') my second problem is always there : it is logged with the tomcat local user !

I still get  (with waffle-filter demo) 'You are logged in as remote user  ServerA\LocalAccountOnServerA ...' on the client side !!!!!!

 If I look at the http headers I can read :

 GET /waffle-filter/ HTTP/1.1
Host: myserver.mydomain.com:8080
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 401 Non-Autorisé
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="WaffleFilterDemo"
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 965
Date: Sun, 10 Oct 2010 21:28:26 GMT
----------------------------------------------------------  >>> Ok, the WWW-Authenticate is in the right order, and I do NOT get the login dialog box :-)  and next...

GET /waffle-filter/ HTTP/1.1
Host: myserver.mydomain.com:8080
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==

HTTP/1.1 401 Non-Autorisé
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACgAKADgAAAAFgomiyJ4nE/BFhlkAAAAAAAAAAHAAcABCAAAABQCTCAAAAA9WAEQAQQBEADEAAgAKAFYARABBAEQAMQABABAASABTAFYAMAAwADIAMABTAAQAGAB2AGQAYQBkADEALgBiAGMAdgAuAGMAaAADACoAaABzAHYAMAAwADIAMABzAC4AdgBkAGEAZAAxAC4AYgBjAHYALgBjAGgAAAAAAA==
Connection: keep-alive
Transfer-Encoding: chunked
Date: Sun, 10 Oct 2010 21:28:26 GMT
----------------------------------------------------------

GET /waffle-filter/ HTTP/1.1
Host: myserver.mydomain.com:8080
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAABAAEABIAAAAEgASAFgAAAAQABAAagAAAAAAAACqAAAABYKIogUBKAoAAAAPSABTAFYAMAAwADIAMABzAFUARQBQAEkAQwBBAFIARAAxAEgAUwBWADAAMwAxADUAMgDAHLRdsSpPhgAAAAAAAAAAAAAAAAAAAAD0PQpNIrtLADDXhcKZ/+HqD20OrdyjQCk=

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9E98156B4CFCEC2634F713F4D34F3BCD; Path=/waffle-filter
Content-Type: text/html
Content-Length: 1752
Date: Sun, 10 Oct 2010 21:28:26 GMT

What I have done : I have re-install tomcat to be sure it was clean, and on port 8080 (it was on 8098 before), I use Waffle 1.3 (I am not sur to be in good situation to beta test....)

Is there a solution to trace the login information that IE gives to tomcat ? and the path then used in tomcat ??? I do not know if IE gives (for a reason I do not understand) the wrong login, or if tomcat do a substitution (for me it seems more logical, because the client side do not know the server side local user !)

I have to be out today (and under the rain !) therfore I can not be on my computer this afternoon....

 

 

 

Coordinator
Oct 11, 2010 at 12:23 PM

Last time someone had this problem they had the Intranet Zone configured differently in Internet Explorer.

  1. Go into Tools, Internet Options, Security
  2. Choose Custom Level
  3. Scroll to the end, under User Authentication you should have "Automatic logon for Intranet Sites"

I sent you a private message for a webex if that's not it.