Java Time Out errors using SSO?

Hi all,

I got my Linux server running Openfire 3.3.2 using SSO, but now I am getting weird Java timeout errors in the Debug log and SSO no longer works. Here are my environment specs:

Openfire Version: 3.3.2

Server OS: Red Hat Enterprise Linux 4

Directory: Windows 2003 AD

Spark version: 2.5.6

Like I said, SSO was working. But now SSO no longer works. Spark just sits there for a while and then errors out with the standard “cannot connect, check your principle” message. Typing in the username and password works, but SSO fails. Here is the error sequence when I try to sign on using SSO. If any other details are needed, please let me know. Thanks!

2007.08.29 10:36:03 Trying to find a user’s DN based on their username. sAMAccountName: xxxxxxxx, Base DN: OU=_HOUSTON,DC=corpnet,DC=singlebuoy,DC=com…

2007.08.29 10:36:03 Creating a DirContext in LdapManager.getContext()…

2007.08.29 10:36:03 Created hashtable with context values, attempting to create context…

2007.08.29 10:36:03 … context created successfully, returning.

2007.08.29 10:36:03 Starting LDAP search…

2007.08.29 10:36:03 … search finished

2007.08.29 10:36:03 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=“xxxxxxxx”,OU=“Users”,OU=“SBM ATLANTIA”…

2007.08.29 10:36:03 Created context values, attempting to create context…

2007.08.29 10:36:03 … context created successfully, returning.

2007.08.29 10:36:03 Ignoring extra content {}

2007.08.29 10:36:03 Trying to find a user’s DN based on their username. sAMAccountName: xxxxxxxx, Base DN: OU=_HOUSTON,DC=corpnet,DC=singlebuoy,DC=com…

2007.08.29 10:36:03 Creating a DirContext in LdapManager.getContext()…

2007.08.29 10:36:03 Created hashtable with context values, attempting to create context…

2007.08.29 10:36:03 … context created successfully, returning.

2007.08.29 10:36:03 Starting LDAP search…

2007.08.29 10:36:03 … search finished

2007.08.29 10:36:03 Trying to find a user’s DN based on their username. sAMAccountName: xxxxxxxx, Base DN: OU=_HOUSTON,DC=corpnet,DC=singlebuoy,DC=com…

2007.08.29 10:36:03 Creating a DirContext in LdapManager.getContext()…

2007.08.29 10:36:03 Created hashtable with context values, attempting to create context…

2007.08.29 10:36:03 … context created successfully, returning.

2007.08.29 10:36:03 Starting LDAP search…

2007.08.29 10:36:03 … search finished

2007.08.29 10:36:03 Creating a DirContext in LdapManager.getContext()…

2007.08.29 10:36:03 Created hashtable with context values, attempting to create context…

2007.08.29 10:36:03 … context created successfully, returning.

2007.08.29 10:36:33 EXCEPTION

java.net.SocketTimeoutException: Read timed out

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.read(Unknown Source)

at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)

at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)

at org.mortbay.io.ByteArrayBuffer.readFrom(ByteArrayBuffer.java:168)

at org.mortbay.io.bio.StreamEndPoint.fill(StreamEndPoint.java:99)

at org.mortbay.jetty.bio.SocketConnector$Connection.fill(SocketConnector.java:190)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:277)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:203)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)

at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:217)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)

2007.08.29 10:36:33 EOF

Anything in the spark logs?

Yes, there are some things in the error log. Here it is:

javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Receive timed out)

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:75)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:194)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)

at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)

at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)

at java.lang.Thread.run(Unknown Source)

Caused by: GSSException: No valid credentials provided (Mechanism level: Receive timed out)

at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

… 9 more

Caused by: java.net.SocketTimeoutException: Receive timed out

at java.net.PlainDatagramSocketImpl.receive0(Native Method)

at java.net.PlainDatagramSocketImpl.receive(Unknown Source)

at java.net.DatagramSocket.receive(Unknown Source)

at sun.security.krb5.internal.UDPClient.receive(Unknown Source)

at sun.security.krb5.KrbKdcReq$KdcCommunication.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.krb5.KrbKdcReq.send(Unknown Source)

at sun.security.krb5.KrbKdcReq.send(Unknown Source)

at sun.security.krb5.KrbKdcReq.send(Unknown Source)

at sun.security.krb5.KrbTgsReq.send(Unknown Source)

at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)

at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)

at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)

… 12 more

not-authorized(401)

at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:94)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)

at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)

at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)

at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)

at java.lang.Thread.run(Unknown Source)

Well, I rebooted the Linux server and now SSO works. That’s weird. I know I probably did something to cause the error, but I can’t imagine what it was. I didn’t make any major changes to the Openfire server, just modifying options in the web GUI. I even restarted the Openfire service multiple times, but the problem only went away when I rebooted the server. Odd.

Any clues as to what it could have been? If not, I’ll just keep an eye on it. Hopefully the problem won’t return.