I thought I had SSO working

I’m running Openfire 3.3.4 with Spark 2.5.8. When trying to use SSO, the only thing that shows up in the logs is

WARNING: Exception in Login:


at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:94)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 227)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)

at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)

at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)

at java.lang.Thread.run(Unknown Source)

No errors in the server log. I followed all the steps documented here http://www.igniterealtime.org/community/docs/DOC-1362

Please help! Thanks

I have a few questions:

  1. What OS is the server running on (if windows, be specific XP, 2003 server, etc)?

  2. What OS is the client running on?

If you answer windows to the questions above:

  1. Did you create the krb5.ini file

  2. Did you edit the client registry

  3. Did you make the gss.conf

  4. Did you modify your openfire.xml

  5. Did you successfully make the keytab and deploy it to the Openfire server

Sorry for all the questions. I do not like answering questions with questions but I really do need more info to help.

Not a problem. I wasn’t sure what information you needed to know.

  1. OS on server is Win2003 server

  2. OS on client is Vista but most people will be using XP

And yes to all of your other questions. I even recreated the keytab using Java instead of Windows to see if that would help

Thanks again

Vista is a big problem child. Have you tried on XP client?

OK, I tried it on an XP client and I have the same results unfortunately

What is the error that you see when it fails?

The only error message displayed is: Unabled to connect using Single Sign-On. Please check your principal and server settings. The only log message is what I had posted previously

Logging in without SSO does work.