Download the latest version (As of writing 1.8.3) of the WAFFLE zip from https://github.com/dblock/waffle/releases

Extract the file to a temporary directory (ex: c:\UNZIPPED_DIRECTORY) on the SDM server

Copy the files waffle-jna-1.8.3.jar, guava-20.0.jar, jna-4.3.0.jar, jna-platform-4.3.0.jar and slf4j-api-1.7.22.jar from the bin directory of the zip directory in step #2 above to the '%NX_ROOT%\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\lib' directory on the SDM server

NOTE: %NX_ROOT% refers to the Installation directory of CA SDM. For example, the default location is 'C:\Program Files (x86)\CA\Service Desk Manager' on a Windows 64-bit OS.

NOTE: Copying commons-logging-1.1.1.jar is optional as it is already present in another Tomcat directory.

Backup the current '%NX_ROOT%\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF\web.xml' file. Open the file with a text editor and add the following content to the bottom of the file:

NOTE: All of the following lines have to be placed BEFORE the </web-app> HTML tag

<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Stop and start the SDM Tomcat process by running the following commands:

pdm_tomcat_nxd -c stop
Wait for 10 seconds
pdm_tomcat_nxd -c start

Check off "External Authentication" for the contact's Access Type.

Assuming that the SDM Contact record has External Authentication type enabled and O/S authentication enabled, the SDM Tomcat engine should now let you authenticate users for that access type without prompting you for the SDM logon screen.

The procedure above is not yet formally certified, but is a known workaround.

If there are any problems starting the SDM Tomcat process, review the '%NX_ROOT%\log\pdm_tomcat.log' file.