Bug: when using SSO, Openfire requires a UPN in addition to an SPN

Alex_Mauer · November 16, 2007, 7:09pm

When setting up Single Sign On via GSSAPI in Openfire, I found that Openfire requires a User Principal Name on the KDC rather than just a Service Principal name. It should only require a Service Principal Name.

This can happen when using Samba’s ‘net ads keytab add’ command, without the ‘createupn’ parameter added in samba 3.0.23

Jay · November 19, 2007, 8:05pm

I suspect this is a problem with Java itself, but an issue (JM-1191) has been opened for it in the event we can fix it.