powered by Jive Software

Feature Request: Single-Sign-On (SSO) - Kerberos / NTLM Authentication

This post is to request a new feature for Jive Messenger 2.2.0 or later and to ask that it be added to the issue tracking system.

I would like JM to support Kerberos/NTLM Authentication as implemented by Pandion (perhaps there is a JEP for this already). As posted in this thread (http://www.jivesoftware.org/forums/thread.jspa?threadID=14559&tstart=45), Coversant Soapbox is the only XMPP server that currently supports this.

I’'ve already posted on the Pandion Forums asking about getting this support added to Jive Messenger (http://forums.pandion.be/viewtopic.php?t=441) and they seemed amicable to collaborating on the issue (even mentioned Matt by name).

My main reason behind wanting this is to allow true single-sign-on for my corporate IM users since they have to change their passwords on a regular basis. Allowing SSO in this way (as opposed to some products that claim single-sign-on but actually just mean you use the same username/password but you still have to “sign-on” manually each time) would give JM a huge boost in corporate deployments IMO. I will volunteer to help test this issue as we already have the infrastructure in place to support such testing (Win2k3 SP1 AD environment with XP SP2 clients).

I understand that this is probably going to have to depend on the resolution of issue JM-7 since SASL support is required before the Kerberoes/NTLM Auth can be implemented. I could be wrong though since I’‘m not entirely familiar with SASL from a developer’'s perspective.


Thanks for the feature request. I’'ve entered this as JM-281. Please feel free to vote for it and add any additional comments.