Waffle returns service user as remote user

Feb 27, 2012 at 12:19 PM
Edited Feb 27, 2012 at 12:25 PM

I'm experiencing a strange problem when deploying the waffle-filter sample application on a tomcat server in my network.

When I call the application, it says

You are logged in as remote user GROUP\SrvSMTUser in session E6D293314AD2243A2B2E6AA643FF43BC.
You are impersonating user GROUP\S12220$.

This is strange, because the windows account I'm using is GROUP\R233. S12220 is the server name which serves the sample application and SrvSMTUser is a service account in my network (also used on the server).

But how come I'm identified as someone else? Do I need to change something in the configuration or am I missing something here?

(Tested in IE and Firefox.)

Feb 27, 2012 at 12:40 PM

How are you getting that impersonating user and how did you configure the filter? I think that you're not impersonating anybody, so it just returns the account under which you run. You did login as the remote user (GROUP\SrvSMTUser) it seems though.

This post, http://code.dblock.org/waffle-single-sign-on-user-impersonation-in-tomcat, might be helpful.

Feb 27, 2012 at 1:09 PM

Thanks for the very fast reply!

The account under which I run locally is definitely R233. This is also true for all browser instances (checked with task manager).

The service account is used for remote desktop sessions on the server, but also locally for development of a different application.

Could it be, that some local cache is used for authentication (like Kerberos ticket cache)? Because for my colleague the sample application is working fine (identifying him with his local user account).

Regarding impersonation: Thanks for the link, but I'm not using this feature.

I did not change anything in the sample applications filter:



Feb 27, 2012 at 2:48 PM

I think you should go through Troubleshooting Negotiate first.

Feb 27, 2012 at 2:58 PM

Did that. Browser settings are fine.

All other intranet applications work as expected.

Feb 27, 2012 at 3:45 PM

I found a solution for this: http://objectmix.com/inetserver/287887-integrated-windows-authentication-authenticating-wrong-user.html#post1017853

Summary: It wasn't Waffle's fault at all. But I find Windows' behavior kind of strange in this case.

Feb 27, 2012 at 6:31 PM

Thanks. I added this to the FAQ. Would be nice if you could detail how you found this here.