1

We are using WSO2 identity server for user authentication in our product suite. Recently we have upgraded its version from 5.0.0 to 5.1.0. After upgrading to WSO2 identity server 5.1.0 version we are getting following exception when we enable IWA (Integrated Windows Authentication)

TID: [-1234] [] [2016-07-21 18:46:52,606] DEBUG {waffle.servlet.spi.NegotiateSecurityFilterProvider} -  security package: Negotiate, connection id: fe80:0:0:0:f1da:6adb:d83e:18d6%6:64966 
TID: [-1234] [] [2016-07-21 18:46:52,622] DEBUG {waffle.servlet.spi.NegotiateSecurityFilterProvider} -  token buffer: 1629 byte(s) 
TID: [-1234] [] [2016-07-21 18:46:52,675] ERROR {org.apache.catalina.core.StandardWrapperValve} -  Servlet.service() for servlet [bridgeservlet] in context with path [/] threw exception 
com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
at waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:137)
at waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:102)
at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:116)
at org.wso2.carbon.identity.application.authenticator.iwa.servlet.IWAServelet.doPost(IWAServelet.java:89)
at org.wso2.carbon.identity.application.authenticator.iwa.servlet.IWAServelet.doGet(IWAServelet.java:64)

After searching for the problem on Google we came across following post.

https://github.com/dblock/waffle/issues/107

It looks like there was some issue in the earlier version of Waffle library which is resolved in 1.7.4 version. WSO2 Identity server 5.1.0 comes with Waffle library version 1.6.0 (waffle-jna_1.6.0.wso2v4.jar).

Now my question is do we have any WSO2 Identity server patch available which includes the latest Waffle library (version 1.7.4 or above)? Can we simply download the latest version of Waffle and put into “wso2is-5.1.0\repository\components\plugins” folder? Will it work? We need to see if it resolves the above stated problem. We are unable to find any other solution to this issue.

Community
  • 1
  • 1
ChetanP
  • 65
  • 3
  • We have created https://wso2.org/jira/browse/IDENTITY-4855 to track this. We'll be fixing this with Identity Server 5.2.0 release. – farasath Aug 06 '16 at 17:45

1 Answers1

0

Putting the new version in the plugins folder won't work. You'll need to follow these steps,

  1. Get the waffle 1.7.4 wrapped as an OSGi bundle. You can refer this pom file which does the same for 1.6 version. Make sure the versions are properly updated in the new pom file.
  2. Build from the pom file you created above to get the OSGi bundle
  3. Put it into repository\components\dropins\ folder and restart the IS
  4. [Validation Step][Optional] Start IS in OSGI console with wso2server.bat -DosgiConsole. Once the server is up run ss in the osgi console and locate the bundle id for org.wso2.carbon.identity.application.authenticator.iwa (This will be an integer below ~500). And then b <bundle_id> and make sure it binds the 1.7 versions of waffle packages.
pulasthi7
  • 901
  • 1
  • 13
  • 15