Cannot get clients to use SSO / Windows Integrated Authentication

I’ve got my Openfire install tied to our Active Directory users via LDAP.

I can log on manually via Pandion using “username@fully.qualified.domain” and my AD password.

But if I set up Pandion to use the Integrated Windows Authentication, it doesn’t work.

Did I set up my “domain” wrong on the Openfire server side? Server is running Ubuntu.

I’ve tried SSO with Spark and it also does not work.

I’m considering buying the Openfire book that was recently released as soon as I get another $25 gift certificate from Amazon.com.

Pandion uses NTLM, and Openfire SSO is Kerberos, just a wee bit different. If your Openfire server runs on Windows you could try this: http://norman.rasmussen.co.za/dl/sasl-sspi/

I have never used it since my server is on Linux.

Thanks Jason,

I am running Openfire on a Linux server. How would I go about getting Openfire and Pandion to both use NTLM? Currently Openfire ‘reads’ our user OU in Active Directory via LDAP.

You don’t. You could do native SSO, which is Kerberos, but I don’t think Pandion supports that. Spark+Openfire supports SSO though.

I’ve installed Spark and it also will not connect unless I manually type in my username and password. Sometimes when I have SSO enabled and enter the hostname into the config, the logon button is grayed out. After clicking and unclicking on things several times it’ll eventually re-enable the login button but then won’t work.

Did I miss something on the Openfire setup to enable it to work? I suppose I’ll build a new test server.

Thanks for your help.

mtarquini wrote:

Did I miss something on the Openfire setup to enable it to work? I suppose I’ll build a new test server.

Yep. SSO is not as simple as just checking the box. Kerberos in general is not that easy.

There are guides on this site as well as numerous posts:

http://www.igniterealtime.org/community/search.jspa?peopleEnabled=true&userID=&containerType=&container=&q=sso