SSO waffle asking username and password

Surendran Duraisamy picture Surendran Duraisamy · May 15, 2014 · Viewed 7.9k times · Source

I am trying to run demo of waffle 'waffle filter demo' download from http://repo1.maven.org/maven2/com/github/dblock/waffle/waffle-filter-demo/1.6/waffle-filter-demo-1.6.war

I am using tomcat as servlet container and deployed the war file.

When I try to access the server with URL http:// localhost:8080/waffle-filter-demo-1.6/ I am able to get authenticated through current windows login and my windows user is authenticated.

But when I access the same url using IP address http:// 192.168.2.63:8080/waffle-filter-demo-1.6/. Waffle is asking me to enter username and password.

Anyone came across this scenario before? How can I get authentication success by access using IP address?

Answer

imarban picture imarban · May 22, 2014

I've solved this problem following https://community.jalios.com/jcms/jx_73408/en/windows-authentication-waffle-plugin-12?cid=jc_84212.

You have to configure the web browser in order for Windows authentication to be sent to remote HTTP server.

To configure Internet Explorer for automatic logon

Open the Internet Options dialog box by choosing Internet Options either from Control Panel or from the Tools menu in Internet Explorer. In the Internet Options dialog box, on the Security tab, select Local intranet, and then click Custom Level. In the Security Settings dialog box, under Logon, select Automatic logon only in Intranet zone, and then click OK. In the Internet Options dialog box on the Security Settings tab with Local intranet still selected, click Sites. In the Local intranet dialog box, click Advanced. In the next dialog box (also titled Local intranet), type the URL of your JCMS web site (for example, https://intranet.mycompany.com) in the Add this Web site to the zone box, and then click Add. In the Local intranet dialog, box click OK. In the original Local intranet dialog box, click OK. In the Internet Options dialog box, click OK.

Google Chrome

Google chrome is automatically configured to send the proper credential.

Firefox

The domain of the HTTP server must be added to the trusted domain for Negotiate authentication, using preference network.negotiate-auth.trusted-uris, either through about:config (in address bar) or in prefs.js (in user profil directory). Read Mozilla.org - Integrated Authentication for more information.