NegotiateSecurityFilter is not working from remote systems.
I am running the “waffle-spring-boot-filter2” demo on my system and we have NTLM based authentication set up. When I am visiting http://localhost:8080/ or http://anandara01:8080/ from the local machine, Waffle completes auth and provides the correct user id. When I am hitting http://anandara01:8080/ from another machine on the same domain, and logged in using other/own account, the auth fails with “error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid”.
This is the debug output of the flow that works (from local machine):
2018-05-07 12:52:15.836 DEBUG 11896 --- [nio-8080-exec-1] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:52:15.851 DEBUG 11896 --- [nio-8080-exec-1] w.s.NegotiateSecurityFilterEntryPoint : [waffle.spring.NegotiateEntryPoint] commence
2018-05-07 12:52:15.857 DEBUG 11896 --- [nio-8080-exec-2] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:52:15.858 DEBUG 11896 --- [nio-8080-exec-2] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:50018
2018-05-07 12:52:15.868 DEBUG 11896 --- [nio-8080-exec-2] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 123 byte(s)
2018-05-07 12:52:15.945 DEBUG 11896 --- [nio-8080-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue token: <<.......redacted..........>>
2018-05-07 12:52:15.945 DEBUG 11896 --- [nio-8080-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2018-05-07 12:52:15.948 DEBUG 11896 --- [nio-8080-exec-3] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:52:15.948 DEBUG 11896 --- [nio-8080-exec-3] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:50018
2018-05-07 12:52:15.948 DEBUG 11896 --- [nio-8080-exec-3] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2018-05-07 12:52:15.962 DEBUG 11896 --- [nio-8080-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue token: <<.......redacted..........>>
2018-05-07 12:52:15.962 DEBUG 11896 --- [nio-8080-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue required: false
2018-05-07 12:52:16.002 DEBUG 11896 --- [nio-8080-exec-3] waffle.spring.NegotiateSecurityFilter : logged in user: NTNET\anandara (S-1-5-21-143744227-<<.......redacted..........>>)
2018-05-07 12:52:16.231 DEBUG 11896 --- [nio-8080-exec-3] waffle.spring.NegotiateSecurityFilter : roles: NTNET\anandara, <<.......redacted..........>>
2018-05-07 12:52:16.231 INFO 11896 --- [nio-8080-exec-3] waffle.spring.NegotiateSecurityFilter : successfully logged in user: NTNET\anandara
This is the debug flow that fails (from remote machine):
2018-05-07 12:58:48.667 DEBUG 11896 --- [nio-8080-exec-5] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:58:48.668 DEBUG 11896 --- [nio-8080-exec-5] w.s.NegotiateSecurityFilterEntryPoint : [waffle.spring.NegotiateEntryPoint] commence
2018-05-07 12:58:48.934 DEBUG 11896 --- [nio-8080-exec-6] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:58:48.935 DEBUG 11896 --- [nio-8080-exec-6] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 10.26.214.92:54102
2018-05-07 12:58:48.935 DEBUG 11896 --- [nio-8080-exec-6] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 40 byte(s)
2018-05-07 12:58:48.936 DEBUG 11896 --- [nio-8080-exec-6] w.s.spi.NegotiateSecurityFilterProvider : continue token: TlRM<<.......redacted..........>>
2018-05-07 12:58:48.936 DEBUG 11896 --- [nio-8080-exec-6] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2018-05-07 12:58:49.179 DEBUG 11896 --- [nio-8080-exec-7] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:58:49.180 DEBUG 11896 --- [nio-8080-exec-7] w.s.NegotiateSecurityFilterEntryPoint : [waffle.spring.NegotiateEntryPoint] commence
2018-05-07 12:58:49.422 DEBUG 11896 --- [nio-8080-exec-8] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
2018-05-07 12:58:49.423 DEBUG 11896 --- [nio-8080-exec-8] w.s.spi.NegotiateSecurityFilterProvider : security package: NTLM, connection id: 10.26.214.92:54102
2018-05-07 12:58:49.423 DEBUG 11896 --- [nio-8080-exec-8] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 40 byte(s)
2018-05-07 12:58:49.431 WARN 11896 --- [nio-8080-exec-8] waffle.spring.NegotiateSecurityFilter : error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
I can see the negotiateEntryPoint being called midway in the failing flow. I would appreciate any help regarding how to get it working for remote machines. Or is this a known issue or some bad config on my end?
N.B. Using JCIFS filter in web.xml of spring allows me to proceed with auth from remote machines too. So, I suppose this is not a bad config on my end.
Could this be possibly related to this issue? https://github.com/Waffle/waffle/issues/312
Top GitHub Comments
For anyone who finds this issue from searching, I was having this same exception, and what fixed it for us was adding the SPN HTTP/[domain] and HTTPS/[domain] for the server service account.
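An added diagnostic example, not part of the original issue or of Waffle's code: in the failing log the continue token starts with `TlRM`, the base64 start of the `NTLMSSP` signature, meaning a raw NTLM message was exchanged under the Negotiate package instead of a SPNEGO-wrapped token (the usual pattern when a client cannot obtain a Kerberos ticket, for instance because no matching SPN is registered). The script below groups Waffle debug lines by connection id and flags that pattern; the log sample, addresses, tokens and the function names `token_kind` and `summarize` are constructed for illustration.

```python
import base64
import re

NTLM_SIG = b"NTLMSSP\x00"
LINE = re.compile(r"\[(?P<thread>[^\]]+)\]\s+\S+\s+: (?P<msg>.*)$")
PKG = re.compile(r"security package: (\S+), connection id: (\S+)")

# Constructed sample in the page's log format; addresses and tokens are made up.
SAMPLE_LOG = """\
12:58:48.934 DEBUG 1 --- [exec-6] waffle.spring.NegotiateSecurityFilter : GET /, contentlength: -1
12:58:48.935 DEBUG 1 --- [exec-6] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 192.0.2.10:54102
12:58:48.936 DEBUG 1 --- [exec-6] w.s.spi.NegotiateSecurityFilterProvider : continue token: TlRMTVNTUAACAAAA<<redacted>>
12:58:49.423 DEBUG 1 --- [exec-8] w.s.spi.NegotiateSecurityFilterProvider : security package: NTLM, connection id: 192.0.2.10:54102
12:58:49.431 WARN 1 --- [exec-8] waffle.spring.NegotiateSecurityFilter : error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
13:02:10.001 DEBUG 1 --- [exec-2] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 192.0.2.20:50018
13:02:10.050 DEBUG 1 --- [exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue token: oRswGaAD<<redacted>>
"""

def token_kind(b64):
    # Decode only the leading base64 run, so redaction markers are tolerated.
    head = re.match(r"[A-Za-z0-9+/]*", b64).group(0)
    raw = base64.b64decode(head[: len(head) // 4 * 4])
    if raw and raw[:8] == NTLM_SIG[: len(raw[:8])]:
        return "raw NTLM"
    if raw and raw[0] in (0x60, 0xA1):  # GSS-API initial token / SPNEGO NegTokenResp
        return "SPNEGO"
    return "unknown"

def summarize(log):
    # Group security packages, token kinds and login errors by connection id.
    conn_of_thread, report = {}, {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        pkg = PKG.match(msg)
        if pkg:
            conn_of_thread[thread] = pkg[2]
            report.setdefault(pkg[2], {"packages": [], "tokens": [], "error": None})["packages"].append(pkg[1])
        elif "contentlength:" in msg:
            conn_of_thread.pop(thread, None)  # new request on this thread: drop stale mapping
        elif thread in conn_of_thread:
            entry = report[conn_of_thread[thread]]
            if msg.startswith("continue token:"):
                entry["tokens"].append(token_kind(msg.split(":", 1)[1].strip()))
            elif msg.startswith("error logging in user:"):
                entry["error"] = msg.split(":", 1)[1].strip()
    return report
```

A connection whose entry shows `"raw NTLM"` tokens, a package switch from Negotiate to NTLM and a non-empty `error` matches the failing flow in the issue; `"SPNEGO"` only means the token was wrapped, not that Kerberos was selected.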