Issue using Waffle on IIS 7 on Windows 2008 box

Oct 15, 2010 at 2:10 PM

I moved my local application where I have Waffle working on my local PC (Windows XP)  that has Websphere on it.  It’s been working great and without issue.

I moved my application to a development server, Windows 2008 64-bit machine, and executed the application on the server and when I do I get a login dialog box to enter my credentials.  I keep getting the dialog box.  The application on my local box had all 3 jar files in the LIB directory of my WEB-INF directory of my project. 

This Windows 2008 server has IIS and it has ANONYMOUS LOGON enabled (don’t know if you needed to know this or not).

I am being told by the server admin person that she THINKS that Waffle is the issue because it would be conflicting with IIS.  I am only getting the 401 error when I cannot get logged in.

That is what happens.  If anyone has worked with IIS and Waffle any feedback would be appreciated.  If I access the application on this same server using a PORT NUMBER and I get around IIS I have no issue running my application.  It is only having an issue when I am hitting the IIS server.

Any help/direction would be appreciated.   Thanks.

Coordinator
Oct 15, 2010 at 3:09 PM
savoym wrote:

If I access the application on this same server using a PORT NUMBER and I get around IIS I have no issue running my application.  It is only having an issue when I am hitting the IIS server. 

That's expected. Your IIS server runs on port 80 and your application on WebSphere, say, port 1234. They are two completely different applications. What does one have to do with the other? What are you trying to achieve?

Oct 15, 2010 at 3:13 PM

Here is the header info you requested, hope that helps:

HTTP/1.1 401 Unauthorized

Content-Type: text/html

Content-Language: en-US

Server: Microsoft-IIS/7.0

WWW-Authenticate: Negotiate

WWW-Authenticate: NTLM

WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"

$WSEP:

Server: WebSphere Application Server/7.0

X-Powered-By: ASP.NET

Date: Fri, 15 Oct 2010 15:09:51 GMT

Connection: close

Content-Length: 1293

Proxy-Support: Session-Based-Authentication

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

<style type="text/css">

<!--

body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}

fieldset{padding:0 15px 10px 15px;}

h1{font-size:2.4em;margin:0;color:#FFF;}

h2{font-size:1.7em;margin:0;color:#CC0000;}

h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}

#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;

background-color:#555555;}

#content{margin:0 0 0 2%;position:relative;}

.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}

-->

</style>

</head>

<body>

<div id="header"><h1>Server Error</h1></div>

<div id="content">

<div class="content-container"><fieldset>

<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>

<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

</fieldset></div>

</div>

</body>

</html>

Coordinator
Oct 15, 2010 at 3:24 PM

Now to my next question: what are you trying to achieve? Why do you have IIS here?

Oct 15, 2010 at 3:27 PM

What I am trying to achieve is to have the user test the web application on both a DEV and TEST server. 

They have IIS on this server I was told to have better logging and server information than the HTTP server that came with Websphere.

I did not pick IIS.  That is the server where I was told to put this application.

Hope that makes more sense.

Oct 15, 2010 at 3:29 PM

I was using Waffle to get at the userID from AD and then test that userID against a security table to ensure that the user could enter the application...

Coordinator
Oct 15, 2010 at 3:42 PM

Post the complete HTTP conversation that fails (against IIS) please, headers only (like the one in this thread).

Post the complete HTTP conversation that succeeds (against WebSphere on the other port) please, headers only.

Oct 15, 2010 at 3:57 PM

Against IIS:

Request:

GET http://ftwfindevl01/CSC-ARXfer/faces/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Authorization: Negotiate YIIHdAYGKwYBBQUCoIIHaDCCB2SgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBzoEggc2YIIHMgYJKoZIhvcSAQICAQBuggchMIIHHaADAgEFoQMCAQ6iBwMFACAAAACjggZIYYIGRDCCBkCgAwIBBaEOGwxUWEhFQUxUSC5PUkeiLDAqoAMCAQKhIzAhGwRIVFRQGxlmdHdmaW5kZXZsMDEudHhoZWFsdGgub3Jno4IF+TCCBfWgAwIBF6EDAgFFooIF5wSCBeMMmP2v1LaZfa6eh2/8MMkyki+miEyXlRDL3Fan2pfU34EEhLeemxyapHmXrkUdA/6S+hCxcMbMEuuBKDY3iPJE7KuO5RhAv6dZcJJmGM37DFtE3maBYibAtquoe/BFW+aQWaxxqjOZMqDqDn6eBfA/T0lGOr1E5K3j08OOwG5dN36jT2BTV9T/3/oJos67tYyTkafwl05JAKP+3qTg8Nz7lzbmn7Dsm59jT7LRRz3WRRjr3Tfn+/aeawuL7fcc3FUWJ+1hxBZ9xj0EXGJrzYdZQcCULS8oLDdDxDnN28ugaVjJzRgfif9us/tofPIrO8Ptb4YnkUmpWKH/7MZdizK/tXOdTVBgL74/6tGggZLym1xJ3Urx+aDfBBxczpj9oD7AEnoaf58ae7rgg9EcncySWPOg9xxM0Sv6837LXgA4jUF0PaPZzQEHeN0Nk/Ov2VyUg3efXO+150bG+/g9LnznA8UOuCWbQ+ZbzJ1F5oj7M1HzPXp8jygf+/0Grjkb5zOt4aFxQNzwxtYi308A1/eCoQoYHyGDEZPKkPzIbmWgrvHAHAmpn2hu5X2ZaP88MkyYIX5KSWz+shVo84RmxKVzMY6q3aWt7m9LZe1suArjPc7mm2LtV6swfEu2ljSuZZWAlwGI13Lwx9MNkz/pQrv1FEoXFrpovRHb/Khp6zr9CFMLkklu2blFxlQ++LfkHUHbLHSyomysHrYVIR4fTCVy/o/Wm9/302OaDA8XuyORQFMeUh/4/1NJgoMEkJkryKs9MN9kDdk7KL+j8Lry07VkelGnUrwBBzodySB/LO+s6cwXj2mZqn3QFzL4QTFVZZ17zhy4rvPdE37QAQnETVpLbPIvYgPwzf9HCvUWgx/N/wV0U8c5DI4+ByzVI23FKPF1GAuPvndTqoMScrU0v6xVREybUQuXQK+cRY7pDCq9egl4ibW4TkoKuhAxhZ+uvAAIRPO1vgV1i+jEa01dvN3ZMIZki8bJOuqUorPbtzyxWNiSL0/RD92dtIarvLhKqrj1vtbQUgXEFHQcZAOOEnYYlsTN6BtntTsoOYkPSho6Tqrd1VtNkkGT/zdVucicx1J+AXsY/OND7Lc191kNp/qLYMwI1hO7GNjASxAdVERgF6t3pkAsHoOn0saETGIvf/cmCkChS1xEeKkaXKGZSqcRmr8Ulpx+/ZkjTmt1C0t+z4KgxU1Z45nn81uVgs0glGCgRhOri4aa9zOfxlCVUyWUjlxXWc0fvYtretBOkjKSOzDG9HRZgW0Ph5v7+bpT4z1oU4Du7bnxwGCT6u5XwOF+btzh+uSgIWRescOEwu8eFpsO54esIenI78Y2KTGmEAA0jUnJpe+y9jGu4N82PUZHa/bsxIvr3ZTTNKx+OADohuO+d7HGYRwxcgq3u9jdq3IP7wOnt3j8ybFkL9vfWo5cn5GIX71luoUiUg0veJGWDQcMIFjq+seyy3XOd1INyIDEyBC34zJ39msBlXAXKZjvYIMZ/L8eCPu7taSCP0ZHp+Me+rTuBZLboDq0DXAdcNjpVlCgEp3r2ymmLW6bGmXwO9AoWIzQm5nk9KxDi2JW4EnwXDHK+Bhh8HHJN+FT89l6td0VZOTf7oL+Zn4vww3Edxs3KEEuEy1R1NO+wahREvLRXYJL47Q2r2JPLD9diMuG0/VbWoMgbJNCkm17I4muPtvuij51olQLxeaT2EXvy9ehWF7LSp7ra4M3DDZD6Ifrnh4ErLVJ106JepY1snuH/fv4gzi14gv9iJZXD7/uKD857q19VF+jP5JaWOCYt0t26aDMm4b6w9glFBYx+a1Mb6/uex6KMwMdF9IBNyTIBbyl/t34FnbYJhh14AuCYiJpdh3wjv1oi1E0XUEvh0bhw9K18CH+i6xGf/7fE5MWdgayJ49rC9AKCpoB0wEI4tMb56BLsGhrijPBKvw8jhbHqfrXcyyYXJ0qOTCM0okplPo6KSqe63gH4t5vN/O0u66Yj29WRUteGtLArfckKERo+V30pIG7MIG4oAMCAReigbAEga1bZ/lcZDv1leXC4xbI3gD+tU6OnGlspTssPwzA2mI2i0Z/c5Ggpzy3qjLsp9M3Ku03Bo8F4GaD9tmIzLVsrzXUPKPmc+Z9Qa6leITEcbWJRhmxfUdN2QRaDbGsqj/TbanxOGJMTy8e1jmujh5TwBsaU7VVdVjikiq1ADpz+LwZ/kwOWkkzsAydsmmPpsF5eI2fPNqubUgyH6hxHWLOJQzmhL4dpd/4rrsQTspi5Q==
Host: ftwfindevl01

Response:

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Content-Language: en-US
Server: Microsoft-IIS/7.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
$WSEP:
Server: WebSphere Application Server/7.0
X-Powered-By: ASP.NET
Date: Fri, 15 Oct 2010 15:09:51 GMT
Connection: close
Content-Length: 1293
Proxy-Support: Session-Based-Authentication

Against Websphere:

Request:

GET http://ftwfindevl01:9080/CSC-ARXfer/faces/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ftwfindevl01:9080
Cookie: JSESSIONID=0000hTO3mTUXSX04SP9MphcCMhe:-1

Response:

HTTP/1.1 200 OK
X-Powered-By: JSF/1.2
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Fri, 15 Oct 2010 15:53:23 GMT
Server: WebSphere Application Server/7.0
Content-Length: 12111

Hope this is correct.  Thanks.

Coordinator
Oct 15, 2010 at 3:59 PM

It's not right, sorry. The second one has no authentication whatsoever, meaning it already established a session. Close the browser, reopen the browser, do the first one again. Close the browser, reopen the browser and do the second one.

Oct 15, 2010 at 4:07 PM

Against IIS:

Request:

GET http://csc-arxferdev/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: csc-arxferdev

Response:

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Fri, 15 Oct 2010 16:02:04 GMT
Proxy-Support: Session-Based-Authentication

Against Websphere:

Request:

GET http://ftwfindevl01:9080/CSC-ARXfer/faces/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ftwfindevl01:9080
Authorization: Negotiate YIIHdAYGKwYBBQUCoIIHaDCCB2SgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBzoEggc2YIIHMgYJKoZIhvcSAQICAQBuggchMIIHHaADAgEFoQMCAQ6iBwMFACAAAACjggZIYYIGRDCCBkCgAwIBBaEOGwxUWEhFQUxUSC5PUkeiLDAqoAMCAQKhIzAhGwRIVFRQGxlmdHdmaW5kZXZsMDEudHhoZWFsdGgub3Jno4IF+TCCBfWgAwIBF6EDAgFFooIF5wSCBeMMmP2v1LaZfa6eh2/8MMkyki+miEyXlRDL3Fan2pfU34EEhLeemxyapHmXrkUdA/6S+hCxcMbMEuuBKDY3iPJE7KuO5RhAv6dZcJJmGM37DFtE3maBYibAtquoe/BFW+aQWaxxqjOZMqDqDn6eBfA/T0lGOr1E5K3j08OOwG5dN36jT2BTV9T/3/oJos67tYyTkafwl05JAKP+3qTg8Nz7lzbmn7Dsm59jT7LRRz3WRRjr3Tfn+/aeawuL7fcc3FUWJ+1hxBZ9xj0EXGJrzYdZQcCULS8oLDdDxDnN28ugaVjJzRgfif9us/tofPIrO8Ptb4YnkUmpWKH/7MZdizK/tXOdTVBgL74/6tGggZLym1xJ3Urx+aDfBBxczpj9oD7AEnoaf58ae7rgg9EcncySWPOg9xxM0Sv6837LXgA4jUF0PaPZzQEHeN0Nk/Ov2VyUg3efXO+150bG+/g9LnznA8UOuCWbQ+ZbzJ1F5oj7M1HzPXp8jygf+/0Grjkb5zOt4aFxQNzwxtYi308A1/eCoQoYHyGDEZPKkPzIbmWgrvHAHAmpn2hu5X2ZaP88MkyYIX5KSWz+shVo84RmxKVzMY6q3aWt7m9LZe1suArjPc7mm2LtV6swfEu2ljSuZZWAlwGI13Lwx9MNkz/pQrv1FEoXFrpovRHb/Khp6zr9CFMLkklu2blFxlQ++LfkHUHbLHSyomysHrYVIR4fTCVy/o/Wm9/302OaDA8XuyORQFMeUh/4/1NJgoMEkJkryKs9MN9kDdk7KL+j8Lry07VkelGnUrwBBzodySB/LO+s6cwXj2mZqn3QFzL4QTFVZZ17zhy4rvPdE37QAQnETVpLbPIvYgPwzf9HCvUWgx/N/wV0U8c5DI4+ByzVI23FKPF1GAuPvndTqoMScrU0v6xVREybUQuXQK+cRY7pDCq9egl4ibW4TkoKuhAxhZ+uvAAIRPO1vgV1i+jEa01dvN3ZMIZki8bJOuqUorPbtzyxWNiSL0/RD92dtIarvLhKqrj1vtbQUgXEFHQcZAOOEnYYlsTN6BtntTsoOYkPSho6Tqrd1VtNkkGT/zdVucicx1J+AXsY/OND7Lc191kNp/qLYMwI1hO7GNjASxAdVERgF6t3pkAsHoOn0saETGIvf/cmCkChS1xEeKkaXKGZSqcRmr8Ulpx+/ZkjTmt1C0t+z4KgxU1Z45nn81uVgs0glGCgRhOri4aa9zOfxlCVUyWUjlxXWc0fvYtretBOkjKSOzDG9HRZgW0Ph5v7+bpT4z1oU4Du7bnxwGCT6u5XwOF+btzh+uSgIWRescOEwu8eFpsO54esIenI78Y2KTGmEAA0jUnJpe+y9jGu4N82PUZHa/bsxIvr3ZTTNKx+OADohuO+d7HGYRwxcgq3u9jdq3IP7wOnt3j8ybFkL9vfWo5cn5GIX71luoUiUg0veJGWDQcMIFjq+seyy3XOd1INyIDEyBC34zJ39msBlXAXKZjvYIMZ/L8eCPu7taSCP0ZHp+Me+rTuBZLboDq0DXAdcNjpVlCgEp3r2ymmLW6bGmXwO9AoWIzQm5nk9KxDi2JW4EnwXDHK+Bhh8HHJN+FT89l6td0VZOTf7oL+Zn4vww3Edxs3KEEuEy1R1NO+wahREvLRXYJL47Q2r2JPLD9diMuG0/VbWoMgbJNCkm17I4muPtvuij51olQLxeaT2EXvy9ehWF7LSp7ra4M3DDZD6Ifrnh4ErLVJ106JepY1snuH/fv4gzi14gv9iJZXD7/uKD857q19VF+jP5JaWOCYt0t26aDMm4b6w9glFBYx+a1Mb6/uex6KMwMdF9IBNyTIBbyl/t34FnbYJhh14AuCYiJpdh3wjv1oi1E0XUEvh0bhw9K18CH+i6xGf/7fE5MWdgayJ49rC9AKCpoB0wEI4tMb56BLsGhrijPBKvw8jhbHqfrXcyyYXJ0qOTCM0okplPo6KSqe63gH4t5vN/O0u66Yj29WRUteGtLArfckKERo+V30pIG7MIG4oAMCAReigbAEga1IfgIihjFjU3TePVLypuZo3QUsOwaZiM7ZrAzDVbeqJM7wPn/aDeDjHqsUsJ6ZA1mX93YV0snpomSVLOjcf0yVsobyfknHehkvXcz0hQ4Y+oy8fZkseUf7IrtyjaS3bkCx6Cu4bgnBQ97DqjuuPGUUSc0PETx6kcMVet5Jy7eNEgjPzr/BlLDtsJVAVg55hhSp3PjkNyS9Yo5s5JXhQbchjqAkEWaLJoxOr1Bnew==

Response:

HTTP/1.1 200 OK
WWW-Authenticate: Negotiate oYGgMIGdoAMKAQChCwYJKoZIgvcSAQICooGIBIGFYIGCBgkqhkiG9xIBAgICAG9zMHGgAwIBBaEDAgEPomUwY6ADAgEXolwEWi8xDqKNONG3V497AgqYo0vH4CKwUFyaSnbed+YHzPd9F2hqaoqU/X9db+oZ3BGMtvEiGL+QLttdJ9fgwXMx5cIxWipoo5BqLpJHNs4KO+r1Vwt+5eA87y05yA==
X-Powered-By: JSF/1.2
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: JSESSIONID=0000Q-y-THKBMcZ1OddbUnkSaXe:-1; Path=/
Transfer-Encoding: chunked
Date: Fri, 15 Oct 2010 16:05:43 GMT
Server: WebSphere Application Server/7.0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"

c36

Hope this is better...

Coordinator
Oct 15, 2010 at 4:15 PM

I don't understand. These are requests to two different machines (csc-arxferdev vs. ftwfindevl01), but you said that on the same server it works for going directly to WebSphere and doesn't via IIS. Your trace above went to the same machine. Also, I don't think you closed ALL browsers in between, it still has a cached session.

Oct 15, 2010 at 4:19 PM

1. The CSC-ARXFERDEV is a DNS entry that goes to the same URL without the port number, meaning to IIS:

http://ftwfindevl01/CSC-ARXfer/faces/index.jsp

To IIS the URL is:

http://ftwfindevl01:9080/CSC-ARXfer/faces/index.jsp

2. I did indeed close the browser between each execution of the different URLs.

From: dblock [mailto:notifications@codeplex.com]
Sent: Friday, October 15, 2010 11:15 AM
To: Savoy, Melinda
Subject: Re: Issue using Waffle on IIS 7 on Windows 2008 box [waffle:231042]

From: dblock

I don't understand. These are requests to two different machines (csc-arxferdev vs. ftwfindevl01), but you said that on the same server it works for going directly to WebSphere and doesn't via IIS. Your trace above went to the same machine. Also, I don't think you closed ALL browsers in between, it still has a cached session.

Read the full discussion online.

To add a post to this discussion, reply to this email (waffle@discussions.codeplex.com)

To start a new discussion for this project, email waffle@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com


The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system.
Coordinator
Oct 15, 2010 at 4:20 PM

Melinda, these names do matter for the browser, a LOT. This is taking too long, i'll do a webex with you.

Oct 15, 2010 at 4:23 PM

My number is 817.396.4687.  You can send me the link to webex and I'll get on.

Thanks.

 

Coordinator
Oct 15, 2010 at 4:56 PM

We did a webex. It looks like this is not going to work because of the WebSphere/IIS proxy. Hitting http://server:80/ and being proxied fails, while http://server:1234/ without being proxied succeeds. Maybe there's something on the proxy that's doing something smarter than me, but clearly the tickets that are presented to waffle aren't good enough for authentication. I am pretty sure this has something to do with the port change.