[JENKINS-33304] LegacySecurityRealm does not handle "special" characters in usernames

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor
    • Component: core

      Depending on your environment, Jenkins can be passed usernames such as EXAMPLE\joe if the underlying container is doing SSO in a Windows domain.

      This causes several things not to work correctly.

      The link in the top right goes to a user that is not the logged-in user (example_joe vs example\joe).
      My Views does not work correctly, for the same reason as above.

      Jenkins will store the users config.xml as ${JENKINS_HOME}\users\example\joe which seems like an accident waiting to happen.

      There are several other things where this is not quite right.

      Rather than trying to chase down everything that doesn't work, the LegacySecurityRealm should sanitize the passed-in username to make sure it is actually safe to use first.
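As an added illustration (not Jenkins code and not the fix from PR 2081), the following Python shows why an unsanitised EXAMPLE\joe is a problem on Windows and what a safe mapping from username to user-directory name could look like. The JENKINS_HOME locations are constructed samples, and safe_user_dir_name is a hypothetical sanitiser, not the one Jenkins uses.

```python
import hashlib
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample JENKINS_HOME/users locations (pure paths, so this runs on any OS).
USERS_DIR_WIN = PureWindowsPath(r"C:\jenkins_home\users")
USERS_DIR_POSIX = PurePosixPath("/var/lib/jenkins/users")

# Hypothetical whitelist for a single directory component.
_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")


def naive_user_dir_parts(users_dir, username):
    """Components appended to users_dir when the raw username is used as the
    directory name, as the report describes: on Windows the backslash in
    EXAMPLE\\joe becomes a separator and yields users\\EXAMPLE\\joe."""
    return (users_dir / username).parts[len(users_dir.parts):]


def escapes_users_dir(users_dir, username):
    """True when the raw username would not map to exactly one plain
    sub-directory of users_dir (extra components, '.', '..', or a rooted
    path that discards users_dir altogether)."""
    rel = naive_user_dir_parts(users_dir, username)
    return len(rel) != 1 or rel[0] in ("", ".", "..")


def safe_user_dir_name(username):
    """Hypothetical sanitiser: map any username to one safe directory name.
    Characters outside the whitelist become '_', and a short hash of the
    original id is appended so that EXAMPLE\\joe, EXAMPLE/joe and example_joe
    stay distinct instead of silently colliding."""
    if not username:
        raise ValueError("empty username")
    stem = _UNSAFE.sub("_", username).strip(".") or "_"
    digest = hashlib.sha256(username.encode("utf-8")).hexdigest()[:8]
    return f"{stem}_{digest}"


if __name__ == "__main__":
    for name in ("joe", "EXAMPLE\\joe", "EXAMPLE/joe", "..\\admin"):
        print(f"{name!r:16} windows parts={naive_user_dir_parts(USERS_DIR_WIN, name)} "
              f"escapes={escapes_users_dir(USERS_DIR_WIN, name)} "
              f"safe={safe_user_dir_name(name)}")
```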

      Steps to reproduce:

      1. Install Tomcat 8 on a machine connected to a Windows domain.
      2. Install Jenkins in the root of Tomcat.
      3. Install Waffle:
        1. Download Waffle 1.7.
        2. Unpack waffle-distro-1.7.4-distro.zip to a temporary location.
        3. Copy the following files to ${TOMCAT_INSTALL_DIR}\lib:
          1. guava-18.0.jar
          2. jna-4.2.1.jar
          3. jna-platform-4.2.1.jar
          4. slf4j-api-1.7.12.jar
          5. waffle-jna-1.7.5.jar
          6. waffle-tomcat8-1.7.5.jar
        4. Create ${TOMCAT_INSTALL_DIR}\conf\Catalina\localhost\ROOT.xml with the following content:
          <?xml version='1.0' encoding='utf-8'?>
          <Context>
              <Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
              <Realm className="waffle.apache.WindowsRealm" />
          </Context>

      4. Start Jenkins.
      5. Log in to Jenkins and try to create things like views etc.

      Expected results:

      It all works.

      Actual results:

      You get a mix of things that work, things that don't quite work, and things that just plain blow up in your face with 404 errors etc.


          Issue history:

          • James Nord created the issue.
          • James Nord set Assignee to James Nord [teilo].
          • James Nord added remote link "PR #2081 (Web Link)" [14024].
          • Jesse Glick added remote link "PR 2081 (Web Link)" [14025].
          • Jesse Glick changed Status from Open [1] to In Progress [3].
          • Jesse Glick removed remote link "PR 2081 (Web Link)" [14025].
          • James Nord linked this issue as related to JENKINS-32623.
          • James Nord linked this issue as related to JENKINS-32844.
          • R. Tyler Croy changed Workflow from JNJira [169204] to JNJira + In-Review [185695].
          • James Nord cleared Assignee (was James Nord [teilo]).
          • James Nord changed Status from In Progress [3] back to Open [1].
