I just did a fresh install of Openfire 4.0.4, on a brand new server. Followed the instructions to get SSO to work, and it does! I can use SSO and get Spark to log in. However, even though the users and groups are populated from AD and appear in the admin console, they do not appear in the Spark client. Even the “Offline Group” displays as empty, saying, “there are no online contacts in this group”. A logged-in Spark user shows as logged in at the console, and even displays presence correctly. What could be preventing the names from displaying in the Spark client (both 2.7.7 and 2.8.2)?
You need to enable sharing in the contacts list for every group you see in Admin Console. Go to a group and enable it in its settings.
Which guide did you use or find helpful?
The guide found on this thread is what I use for Windows install and SSO. Very detailed and thorough, and as long as I don’t try to skip steps (like launching the installer instead of using the zip file), it works every time.
Wow… Now I feel dumb. I even looked at that screen, and saw that “enable contact list group sharing” was already selected. I didn’t realize I also had to manually tell it to share the list (and with whom) and what name to call it. Thanks! It’s all working now!
Yes… that’s a well put together guide and very thorough. There are a few things about it that are a little dated and should be revised.
Things to consider are:
DES shouldn’t be used or enabled anymore. It should be excluded from the guide since it’s not required. Per the guide, the keytab being created will be using RC4 and not DES. Note: RC4 should actually be replaced with AES 128, unless you still have some Windows XP/Server 2003 machines.
No need to enable “do not require kerberos preauth”.
FYI… you might be able to skip the krb5.ini and use DNS. If you use krb5.ini files, there is no need to limit or set the crypto types in the libdefault section.
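Added example (not part of the thread or of the guide it refers to): a small Python audit that reads an MIT-format keytab (version 0x0502) and flags entries still keyed with DES or RC4, the types the post above says to retire. The principal, realm and zero-filled keys produced by `sample_entry` are constructed test data.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 23: "rc4-hmac",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}
WEAK = {1, 2, 3, 23}  # DES and RC4 enctype numbers (IANA Kerberos registry)

def _counted(buf, pos):
    """Read a uint16-length-prefixed octet string; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[pos + 2:end], end

def audit_keytab(data):
    """Return [(principal, kvno, enctype_name, is_weak)] for each key in a keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, out = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:            # negative size marks a deleted slot (hole)
            pos += -size
            continue
        entry, p = data[pos:pos + size], 0
        pos += size
        (ncomp,) = struct.unpack_from(">H", entry, p)
        realm, p = _counted(entry, p + 2)
        parts = []
        for _ in range(ncomp):
            c, p = _counted(entry, p)
            parts.append(c.decode())
        p += 8                   # skip name_type and timestamp (uint32 each)
        kvno, etype = struct.unpack_from(">BH", entry, p)
        _key, p = _counted(entry, p + 3)   # key bytes are read but never returned
        if len(entry) - p >= 4:  # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", entry, p)
        name = "/".join(parts) + "@" + realm.decode()
        out.append((name, kvno, ENCTYPES.get(etype, f"etype-{etype}"), etype in WEAK))
    return out

def sample_entry(etype, key_len):
    """Constructed entry for xmpp/host.example.com@EXAMPLE.COM with a zero key."""
    body = struct.pack(">H", 2)
    for c in (b"EXAMPLE.COM", b"xmpp", b"host.example.com"):  # realm, components
        body += struct.pack(">H", len(c)) + c
    body += struct.pack(">IIBHH", 1, 0, 3, etype, key_len) + bytes(key_len)
    return struct.pack(">i", len(body)) + body
```

To check a real file, pass its bytes: `audit_keytab(open(path, "rb").read())`. Any row with `is_weak` set to true means that keytab entry should be regenerated with an AES type.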
Thanks for that. Any chance there is an updated step-by-step walkthrough? Do you happen to know of a way to upgrade Openfire on a Windows AD/SSO setup without uninstalling and re-installing from scratch, wiping the database (and the record of messages)?