ohh…missed this being openfire!
I was referring to using java8 with spark instead of the jre that’s bundle.
Hi,
I’ve Openfire 3.9.3 installed on centos 5.11 with java 7 (bundled in openfire)
To install jre8 i just need to install it normally? Openfire will assume the latest java installed or do i have to reconfigure anything else?
Thanks
Check out how JAVA_HOME is set within /etc/sysconfig/openfire
daryl
Not sure how it works on Linux exactly, but on Windows i just delete the built-in jre folder inside the installation and it uses the system one automatically.
I’ve had some time to mess with openfire and java 8. It looks like it indeed breaks sso . I believe this is because openfire uses DES . DES is disabled by default in java 8. It can be enabled by adding allow_weak_crypto=true in the krb5.ini/krb5.conf. However, even after adding this, I’m still unable to get SSO back up and running. reverting back to java 7 on the server, and everything works like a champ.
I’ll do some more testing to see if I can come up with a work around, but DES now being considered somewhat insecure, and Java 7 coming up on EOL, it might be a good time to see if a dev can look into this
Ok,
Installed jre8 on linux…pointed JAVA_HOME in /etc/sysconfig/openfire to the new jre like Daryl said…no problems so far
Thanks speedy. I have filed this as OF-906
I may have jumped the gun a little on this. DES is not required. I had always assumed it was due to all the sso guides. I disabled DES, and updated my keytab file…so no issue there.
There still is an issue with java 8u45 on with openfire. This might just be a bug, as I’ve been researching this, and apparently others started reporting issues with GSSAPI around 8u40. I plan to test this later tonight, and Ill report back. Either its a java bug or changer. Either way, it may help narrow down the cause and make it easier for the people much smarter than me fix it!
ok…so I just ran through all at java 8 releases, and none of them worked with sso…bummer.