How to Stop ANONYMOUS LOGON ?
178 views
Skip to first unread message
akw...@gmail.com
Mar 3, 2021, 7:23:36 AM3/3/21
to waffle
How to stop ANONYMOUS LOGON ?
I have SSO filter working perfectly fine , but when a non-domain user is presented with Basic authentication pop-up , and if user simply presses "Sign in" button on Chrome (i.e. with empty credentials) , Waffle allows this as authenticated user
waffle.servlet.NegotiateSecurityFilter - previously authenticated Windows user: NT AUTHORITY\ANONYMOUS LOGON]
I have SSO filter working perfectly fine , but when a non-domain user is presented with Basic authentication pop-up , and if user simply presses "Sign in" button on Chrome (i.e. with empty credentials) , Waffle allows this as authenticated user
waffle.servlet.NegotiateSecurityFilter - previously authenticated Windows user: NT AUTHORITY\ANONYMOUS LOGON]
How do I stop this ? And it's only happening with Google Chrome ! MS Edge surprisingly doesn't go ahead with blank credentials, but Chrome does !
Here are some other details :
Here are some other details :
AppServer - Glassfish 4
Browser - Google chrome
Waffle SSO type - Filter based (version 2.3.0)
OS : Windows 10
akw...@gmail.com
Mar 3, 2021, 10:41:47 AM3/3/21
to waffle
My mistake ! I wasn't aware about guestLogin being on by default .
Doing this , solved it :
Doing this , solved it :
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
<init-param>
<param-name>allowGuestLogin</param-name>
<param-value>false</param-value>
</init-param>
</filter>
Reply all
Reply to author
Forward
0 new messages