IIS, Websphere Failing with Invalid token supplied error
Pushp Agarwal
Hi,
We are trying to integrate Waffle 1.8.3 NTLM authentication (Negotiate) into one of our legacy application i.e., based on java v7. We have the following existing application architecture i.e, IIS web server receives HTTP requests on port 80 from client and passes on to the application server listening on port 9080.
Earlier we were using JCIFS but with upgraded domain controllers it ceases to exist and has been suggested to go with Waffle.
But it is failing continuously when the requests are passed from port 80, i.e. 10.106.x.x:80/AppLoginUrl or hostname failing with the error “ The token supplied to the function is invalid” while 10.106.x.x:9080/AppLoginUrl is having successful SSO and authentication calls.
Have gone through various discussions and chats, where this is suggested that the IIS HTTP Web server is behaving as man in the middle where browser is thinking to signing off against i.e. breaking off NTLM authentication. But the protocol was used with JCIFS, trying to replace the library to fulfil that. As we are using NTLM authentication do we require SPN to be configured?
Could you please confirm if this is possible and with what changes at IIS/ Websphere level please ? (probably this is the ideal case as to put in HTTP Web server in front of Java servers, can this be possible with Waffle) Attached the negotiate Failure logs , I suspect the failure is not following 3 way handshake call or if following then contains pre-validated token. Your immediate response would be appreciated please.