Waffle + Websphere + AD

Nov 22, 2010 at 11:49 AM


I'm trying to provide authentication for my web-app.

The users are stored in a Windows Active Directory running on a PC on our local intranet, so I am trying to understand if Waffle is a viable solution in this context.

So, I have put jna.jar, platform.jar and waffle-jna.jar in the WEB-INF/lib folder of my web-app and I've set up the following rules in web.xml:



       <display-name>Waffle Security Constraint</display-name>
           <web-resource-name>Protected Area</web-resource-name>

I've set up the details for the AD in Websphere and I get a successful 'Test Connection'.

I've already instructed the administrators to create an AD group called 'TestUsers' and add to it the username which I use to log on to my PC.

So when I click on /requests/* links, I get a pop-up requesting my username/password.

I get the following output:


[NegotiateSecurityFilter] : GET /Web/requests/, contentlength: -1 [?.doFilter:?]
[NegotiateSecurityFilterProvider] : security package: NTLM, connection id: [?.doFilter:?]
[NegotiateSecurityFilterProvider] : token buffer: 40 byte(s) [?.doFilter:?]
[NegotiateSecurityFilterProvider] : continue required: true [?.doFilter:?]
[NegotiateSecurityFilter] : GET /Web/requests/, contentlength: -1 [?.doFilter:?]
[NegotiateSecurityFilterProvider] : security package: NTLM, connection id: [?.doFilter:?]
[NegotiateSecurityFilterProvider] : token buffer: 158 byte(s) [?.doFilter:?]
[NegotiateSecurityFilter] : error logging in user: Password given is not correct
[NegotiateSecurityFilter] : GET /Web/requests/, contentlength: -1 [?.doFilter:?]
[BasicSecurityFilterProvider] : logging in user: u304361 [?.doFilter:?]
[NegotiateSecurityFilter] : error logging in user: Program-client does not have any particular permission [?.doFilter:?]




Is this the correct way to go or am I missing something basic?

Sorry in advance for the 'newbie' question/s I am posting but I'm really new to this technology :-)

With regards,


Nov 22, 2010 at 2:41 PM

The error code, to be exact, is:

"A required privilege is not held by the client."

and my OS is: Windows 2000 with SP4

...and I am still trying to find a solution :)

Nov 22, 2010 at 10:09 PM

First, if you get a popup, that means SSO has failed. It has either failed at authentication or at authorization. The output you provided is from typing a username/password; the whole point is to avoid doing that :) Dump the user's group memberships (the Waffle demos do that) and find out whether IT\TestUsers is in the list.

Next, I am confused where you get that error "a required privilege is not held by the client".
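
The group-membership dump suggested in the reply above, as an added example that is not part of the original thread or the Waffle demos' own code: a diagnostic servlet that lists the groups Waffle resolved for the authenticated user and reports whether IT\TestUsers is among them. The class name `GroupDumpServlet` is hypothetical, and it is assumed to be mapped to a URL that the Waffle filter covers but that no role constraint restricts.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import waffle.servlet.WindowsPrincipal;
import waffle.windows.auth.WindowsAccount;

// Hypothetical diagnostic servlet (not from the thread or the Waffle project).
public class GroupDumpServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Group named in the thread, in DOMAIN\name form.
    private static final String REQUIRED_GROUP = "IT\\TestUsers";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();

        // Waffle's filter wraps the request so getUserPrincipal() returns a
        // WindowsPrincipal once the NTLM/Negotiate handshake has succeeded.
        Principal principal = req.getUserPrincipal();
        if (!(principal instanceof WindowsPrincipal)) {
            out.println("No Waffle principal: authentication did not complete,"
                    + " so the failure is before authorization.");
            return;
        }

        WindowsPrincipal user = (WindowsPrincipal) principal;
        out.println("User: " + user.getName() + "  SID: " + user.getSidString());

        boolean member = false;
        for (WindowsAccount group : user.getGroups().values()) {
            out.println("  group: " + group.getFqn() + "  SID: " + group.getSidString());
            // Windows account names are case-insensitive.
            if (REQUIRED_GROUP.equalsIgnoreCase(group.getFqn())) {
                member = true;
            }
        }
        out.println(member
                ? "Member of " + REQUIRED_GROUP + ": check the role mapping."
                : "NOT a member of " + REQUIRED_GROUP + ": authorization will fail.");
    }
}
```

Remove the servlet once the check is done, since its output discloses group names and SIDs to anyone who can authenticate.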