Daniel Doubrovkine bio photo

Daniel Doubrovkine

aka dB., @awscloud, former CTO @artsy, +@vestris, NYC

Email Twitter LinkedIn Github Strava
Creative Commons License


If you’re writing PInvoke in C# or Java code for Windows authentication, save yourself some time, WAFFLE has these features for you.

  • Account lookup locally and in Active Directory via Win32 API with zero configuration.
  • Enumerating Active Directory domains and domain information.
  • Returns computer domain / workgroup join information.
  • Supports logon for local and domain users returning consistent fully qualified names, identity (SIDs), local and domain groups, including nested.
  • Supports all functions required for implementing server-side single-signon with Negotiate and NTLM.
  • Supports Windows Identity impersonation.
  • Includes a Windows Installer Merge Module for distribution of C# binaries.

If you’re using Tomcat or Jetty with an IIS front-end to do authentication only, Waffle has the following features and will allow you to get rid of IIS.

  • A Tomcat Negotiate (NTLM and Kerberos) Authenticator Valve.
  • A generic Servlet Negotiate (NTLM and Kerberos) Security Filter.
  • A Tomcat Single Sign-On + Form Authentication Mixed Valve.
  • A Spring-Security Negotiate (NTLM and Kerberos) Filter.
  • A Spring-Security Windows Authentication Manager.
  • A JAAS Login Module.

WAFFLE has originated at AppSecInc. and the team deserves the credit.