always getting popup (jboss7, ie9)

Jan 12, 2012 at 3:14 PM
Edited Jan 12, 2012 at 3:22 PM

hi,

I set the waffle filter on web.xml:

    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

everytime I try to connect to my web-app I get the pop-up asking domain name and password. I expected waffle don't ask me my domain name, as I already logged in on AD... Am I wrong?

Beside if I try to login it refuses my credentials!

scenario: jboss7 running local, ie9.

ps: using firefox9 I always get pupups, but with basicauthenticationsomething almost it accepts my credentials... (the other doesnt)

Here is what I found with ieHTTPheaders after I call the web-app:

GET /refo-web-main/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: it-IT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
Accept-Encoding: gzip, deflate
Host: dsgnb045:8080
Connection: Keep-Alive
Cookie: JSESSIONID=NYTio1WD10q+ktqF-M76FsnQ

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 956
Date: Thu, 12 Jan 2012 16:02:22 GMT

 

 

and this is what I get sending my credentials:

GET /refo-web-main/ HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: it-IT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
Accept-Encoding: gzip, deflate
Host: dsgnb045:8080
Connection: Keep-Alive
Authorization: Negotiate

...a lot of characters...


Cookie: JSESSIONID=NYTio1WD10q+ktqF-M76FsnQ

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 956
Date: Thu, 12 Jan 2012 16:05:04 GMT

 

thanks for any help

Coordinator
Jan 12, 2012 at 8:12 PM

Follow the normal troubleshooting negotiate instructions. If you get a popup, Negotiate already failed.

Jan 13, 2012 at 5:51 AM
Edited Jan 13, 2012 at 2:39 PM

unfortunately I already read and followed those instructions for both browsers.

any others ideas? should I miss something else?

Coordinator
Jan 13, 2012 at 12:51 PM

Just start with IE. The next step is to look for a server-side error in your web server's logs. Most likely this is going to be a generic Kerberos/NTLM error, so the next step is to read through the FAQ. A third of the problems are usually a missing SPN and another third is running the server under an account that doesn't have enough privileges (machine needs to be on the domain and you need to be running as localsystem or a domain account).