Issue when doing single-sign-on in MS SQL Server from Openfire

Hi.

I think I have found a tricky issue when doing single-sign-on in MS SQL Server and running Openfire 3.8.2 in Windows 2008 R2.

In openfire.xml is used this configuration:

  • connectionProvider.className - org.jivesoftware.database.DefaultConnectionProvider
  • Database configuration set under database.defaultProvider
  • Database MS Sql Server
  • database.defaultProvider.driver - net.sourceforge.jtds.jdbc.Driver
  • database.defaultProvider.username and database.defaultProvider.password are not set as SSO is enabled for the user that runs Openfire.

When the default connection provider is initialised in the method “org.jivesoftware.database.DefaultConnectionProvider.start” a NullPointerException is thrown in line 103 as username is null:

settings.setProperty(“user”, getUsername());

As a workaround I have created my own connectionProvider adding a check in line 103 in order to check whether login is null or not, and if the login is null neither “user” nor “password” are set in the properties, and it works as expected. In our case we can’t use login/password because of security policies, so the only workaround I could find is this.

Did I do something wrong or maybe this check should be added in order to avoid issues when using single-sign-on?

We eventually created a new ConnectionProvider extending the default one and overwriting the method “start()”; the method is now like that:

@Override

public void start() {

if (getUsername() == null) {

setUsername("");

}

super.start();

}

This fixes the SSO issue in our system without updating the code.