I thought I had SSO working

I’m running Openfire 3.3.4 with Spark 2.5.8. When trying to use SSO, the only thing that shows up in the logs is:


    WARNING: Exception in Login:
    not-authorized(401)
        at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:94)
        at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227)
        at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
        at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)
        at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)
        at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)
        at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)
        at java.lang.Thread.run(Unknown Source)


No errors in the server log. I followed all the steps documented here: http://www.igniterealtime.org/community/docs/DOC-1362

Please help! Thanks

I have a few questions:

  1. What OS is the server running on (if Windows, be specific: XP, 2003 Server, etc.)?

  2. What OS is the client running on?

If you answer Windows to the questions above:

  1. Did you create the krb5.ini file?

  2. Did you edit the client registry?

  3. Did you make the gss.conf?

  4. Did you modify your openfire.xml?

  5. Did you successfully make the keytab and deploy it to the Openfire server?

Sorry for all the questions. I do not like answering questions with questions but I really do need more info to help.

Not a problem. I wasn’t sure what information you needed to know.

  1. OS on server is Win2003 server

  2. OS on client is Vista but most people will be using XP

And yes to all of your other questions. I even recreated the keytab using Java instead of Windows to see if that would help.

Thanks again

Vista is a big problem child. Have you tried on an XP client?

OK, I tried it on an XP client and I have the same results, unfortunately.

What is the error that you see when it fails?

The only error message displayed is: "Unable to connect using Single Sign-On. Please check your principal and server settings." The only log message is what I had posted previously.

Logging in without SSO does work.