Hello everyone,
We have a Tomcat set up with WAFFLE (1.7) for two different web applications; one is a servlet and the other is just some web forms. All we pretty much need is to get the user name of the logged-in user. The two applications are accessed through two different aliases configured in the server.xml of the Tomcat. I have supplied the WAFFLE configurations for the different web apps at the bottom.

We have a domain account running the Tomcat service and an SPN, HTTP/Servername.fqdn and HTTP/Servername, linked to the account. This all worked fine, and whichever alias you used to access the server, you would still get logged in. But then we ran into an issue where the Windows maintenance team couldn't log in remotely with PowerShell. After some research we saw that PowerShell needed HTTP/Servername to not be mapped to a domain account. So we removed the SPN and added the alias instead, so HTTP/ALIAS.fqdn.

This is not, however, working at the moment, so I wanted to know if there is something glaringly obvious I'm missing, or what we need to do to make it work. Or maybe it isn't even possible? Oh, and the error we get:
com.sun.jna.platform.win32.Win32Exception: The handle specified is invalid
    at waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:134)
    at waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:103)
    at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:130)
    at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:98)
The webforms have the following configuration in their web.xml:
<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/<our pages>/</url-pattern>
  <url-pattern>/<our pages>/</url-pattern>
</filter-mapping>
and the servlet has:
<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
  <init-param>
    <param-name>principalFormat</param-name>
    <param-value>fqn</param-value>
  </init-param>
  <init-param>
    <param-name>roleFormat</param-name>
    <param-value>both</param-value>
  </init-param>
  <init-param>
    <param-name>allowGuestLogin</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>securityFilterProviders</param-name>
    <param-value>
      waffle.servlet.spi.NegotiateSecurityFilterProvider
      waffle.servlet.spi.BasicSecurityFilterProvider
    </param-value>
  </init-param>
  <init-param>
    <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
    <param-value>
      Negotiate
      NTLM
    </param-value>
  </init-param>
  <init-param>
    <param-name>waffle.servlet.spi.BasicSecurityFilterProvider/realm</param-name>
    <param-value><our domain></param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/<our servlet name></url-pattern>
</filter-mapping>