Hey guys,
After following this document made by Jonathan Murch step by step, I managed to get SSO working for just one time.
Since then I've changed nothing.
I get this error in the Spark-Logs:
WARNUNG: Exception in Login:
SASL authentication failed: -- caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)]
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:121)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)
Nested Exception: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)
Caused by: GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
... 10 more
Caused by: java.net.UnknownHostException: animal.muppets.local@MUPPETS.LOCAL
at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
at java.net.InetAddress$1.lookupAllHostAddr(Unknown Source)
at java.net.InetAddress.getAddressFromNameService(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at sun.security.krb5.internal.UDPClient.<init>(Unknown Source)
at sun.security.krb5.KrbKdcReq$KdcCommunication.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.KrbKdcReq.send(Unknown Source)
at sun.security.krb5.KrbKdcReq.send(Unknown Source)
at sun.security.krb5.KrbKdcReq.send(Unknown Source)
at sun.security.krb5.KrbTgsReq.send(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
... 13 more
Does anyone know how to solve this problem?
Windows Server 2012 R2 as DC/KDC and Openfire
Windows 7 Professional as Client
Keytab is located in *\openfire\resources\
krb5.ini in C:\Windows on both machines
[libdefaults]
default_realm = MUPPETS.LOCAL
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
[realms]
MUPPETS.LOCAL = {
kdc = animal.muppets.local@MUPPETS.LOCAL
admin_server = animal.muppets.local@MUPPETS.LOCAL
default_domain = muppets.local
}
[domain_realms]
domain.com = MUPPETS.LOCAL
.domain.com = MUPPETS.LOCAL
gss.conf in *\openfire\conf\
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
storeKey=true
keyTab="C:/openfire/resources/xmpp.keytab"
doNotPrompt=true
useKeyTab=true
realm="MUPPETS.LOCAL"
principal="xmpp/animal.muppets.local@MUPPETS.LOCAL"
debug=true;
};