Get Client User Name - Windows Authentication - Waffle, Tomcat

2,456 views
Skip to first unread message

Suvo

unread,
Nov 11, 2017, 8:45:24 AM11/11/17
to waffle

I am trying to test Waffle Integration with a Java EE Web Application running off Tomcat.


My requirement is to get the Windows client username that is accessing the application.


I am trying to test the integration without Active Directory installed. What I am doing is as follows

  1. I have a couple of windows based PCs connected to the LAN.
  2. On one PC, I have installed Tomcat and running the Java web application
  3. I am trying to access the application from the other PC and finding out whether I can determine the windows username of the other PC.

Firstly, will this work at all? Without Active Directory, will the waffle integration get the windows user name of the client machine at all.


This is my index.jsp that's supposed to be served when accessing the application


<%@page import="java.security.Principal" %>
<%@page import="waffle.windows.auth.WindowsAccount" %>
<%@page import="waffle.servlet.WindowsPrincipal" %>
<%@page import="com.sun.jna.platform.win32.Secur32" %>
<%@page import="com.sun.jna.platform.win32.Secur32Util" %>

<html>
 <head>
  <title>Testing Waffle</title>
 </head>
 <body>
  You are logged in as remote user <b><%= request.getRemoteUser() %></b> in session <b><%= session.getId() %></b>.<br>
  You are impersonating user <b><%= Secur32Util.getUserNameEx(Secur32.EXTENDED_NAME_FORMAT.NameSamCompatible) %></b>.
  <br><br>
  <%
    if (request.getUserPrincipal() != null) {
  %>
  Your user principal name is <b><%= request.getUserPrincipal().getName() %></b>.
  <br><br>
  <%
   } else {
  %>
   No user principal could be identified.
   <br><br>
  <%
  }
  %>


What is happening is as follows

  • When I am running on server machine and accessing bylocalhost, the page opens up and prints as expected correctly as follows

You are logged in as remote user abc-PC\user1
You are impersonating user abc-PC\user1. 
Your user principal name is abc-PC\user1.

  • Again while accessing from the server machine, instead of localhost, if I put the IP, then an authentication pops up asking me to enter username & password. Here, if I enter the username & password, it shows the results as expected as above.
  • While accessing from the client machine,when I put the IP, then an authentication pops up asking me to enter username & password. If I use the client windows username & password, then authentication failure happens. If I use server windows username & password, then authentication is successful but it prints the server windows username, as above.

What am I doing wrong?

I read somewhere than instead of IP, the FQDN of the machine should be used. In this case, how will the URL look like?

Greg Thomas

unread,
Nov 11, 2017, 10:28:04 AM11/11/17
to waffle...@googlegroups.com
Both the client PC and the Windows server have to be in the same Active Directory domain. You can get away with it if th h are the same PC, but otherwise you are out of luck. 

Greg
-- 
Sent from my iPhone
--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Suvo

unread,
Nov 11, 2017, 11:15:24 AM11/11/17
to waffle
Thanks, Greg.

Is it just possible that maybe what I am trying to do will work fine if tested in an AD environment but not working now because of what I am trying to do?

Greg Thomas

unread,
Nov 11, 2017, 11:21:39 AM11/11/17
to waffle...@googlegroups.com
Yes. 


-- 
Sent from my iPhone

Suvo

unread,
Nov 16, 2017, 8:26:01 AM11/16/17
to waffle
Hi Greg,

Yes, we go it working on an AD domain.

However, we are facing an unique problem. 
Google Chrome & IE browsers are asking for username & password through popup window, while Firefox automatically shows the AD Login without asking for authentication

We have maintained the browser settings as suggested on the Waffle website.

Chrome is supposed to work without settings. What's going wrong here?

Suvo

Daniel D.

unread,
Nov 16, 2017, 8:56:30 AM11/16/17
to waffle...@googlegroups.com
Most likely an SPN problem, please try going through https://github.com/Waffle/waffle/blob/master/Docs/Troubleshooting.md.

To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--

dB. | Moscow - Geneva - Seattle - New York
code.dblock.org - @dblockdotorg - artsy.net - github/dblock

Reply all
Reply to author
Forward
0 new messages