Can't add contacts when using UPN

Spark works great using smaAccountName, but we are finding that we are starting to have duplicate users across subdomains so we switched to userPrincipalName in the LDAP connection of Openfire 4.0.2.

That part seems to be working just fine. Users can connect to the service, browse for other users using a UPN, etc. However, when adding a contact using a UPN–while the name is recognized and changes to “Pending” status–the recipient never receives the invitation…so the two users cannot get connected or actually chat.

This is a fresh installation of Openfire 4.0.2 (still running 3.10 in a separate instance for the “old” logins). Spark is version 2.7.7. Openfire has been tested with both the bundled Java and also with Java 1.8.0_91 (by changing the JAVA_HOME in Openfire and CentOS 7). MySQL is version 5.5.47.

Curiously, found that this combination works:

username@domainname.tld@openfirename.tld (where the first @ is the UPN and the second @ connects to the Openfire server FQDN).

Basically, the UPN request isn’t complete without adding the Openfire server name and @ twice.

Has anyone else run into this when using UPN and Active Directory (LDAP)?