Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Enable drop-in Windows Single Sign On for popular Java web servers.
Java C# Other

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.

WAFFLE - Windows Authentication Framework


WAFFLE - Windows Authentication Functional Framework (Light Edition) is a native C# and Java library that does everything Windows authentication (Negotiate, NTLM and Kerberos).


Short Story

Most people will be interested in one of the following.

  • Simple native interfaces in C# and Java to do all things Windows authentication.
  • A generic Servlet Negotiate (NTLM and Kerberos) Security Filter - Tutorial.
  • A Tomcat Negotiate (NTLM and Kerberos) Authenticator Valve - Tutorial.
  • A Tomcat Single Sign-On + Form Authentication Mixed Valve - Tutorial.
  • A Spring-Security Negotiate (NTLM and Kerberos) Filter - Totorial.
  • A Spring-Security Windows Authentication Manager
  • A JAAS Login Module - Tutorial.
  • If you're using Tomcat, Jetty or Websphere with an IIS front-end to do authentication only, Waffle will allow you to get rid of IIS.

Unlike many other implementations WAFFLE on Windows does not usually require any server-side Kerberos keytab setup, it's a drop-in solution. You can see it in action in this slightly blurry video produced for

Waffle was created and is sponsored by Application Security Inc. For a long story, read the Project History. Also, feel free to use this PowerPoint presentation from NYJavaSIG.


  • Account lookup locally and in Active Directory via Win32 API with zero configuration.
  • Enumerating Active Directory domains and domain information.
  • Returns computer domain / workgroup join information.
  • Supports logon for local and domain users returning consistent fully qualified names, identity (SIDs), local and domain groups, including nested.
  • Supports all functions required for implementing server-side single-signon with Negotiate and NTLM and various implementations for Java web servers.
  • Supports Windows Identity impersonation.
  • Includes a Windows Installer Merge Module for distribution of C# binaries.


Waffle includes a servlet filter that works with any servlet container, including Tomcat, Jetty and Websphere. It also contains a native package for Tomcat 6 and Spring Security 3. There're branches for Tomcat 5, Tomcat 7 as well as Spring Security 2 support.

Related and Simiar Products

License and Copyright

Copyright (c) Application Security Inc. and Contributors.

This project is licensed under the Eclipse Public License.

Something went wrong with that request. Please try again.