Login problem (LDAP/SSO)

Openfire Openfire Support
1

Hello

according to the description of the configuration sso from this page Openfire XMPP Server on Windows Server 2012 R2 with Spark SSO.pdf - Google Drive I did everything the way it is written. Unfortunately I have a problem with logging on in the program spark. No matter whether SSO is enabled or not. All the time I am getting information that I gave the incorrect login or password. I can log into the control panel without any problem. Openfire 4.1.5 and Spark 2.8.3. Do you have any idea?

Error log in spark is empty ;(

regards

Kuba

2

your first step is to make sure you can login without sso using your AD/LDAP creds.

3

I can’t log in without sso too. How to force Spark to generate logs? On server side I can’t see anything interesting in log.

4

Are you checking the logs at C:\Users\User\AppData\Roaming\Spark\logs? Also check all the files. Usually logs are scattered among the files.

5

there is no point in trying to get SSO to work, if you can’t sign in using plain ldap/ad credentials. First set that part up correctly, then you can move on to SSO.

6

SSO still not working:( Can anyone tell me what might be the problem?

sie 31, 2017 8:40:36 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

org.jivesoftware.smack.SmackException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASL JavaXMechanism.java:123)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:196)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:169)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 236)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnect ion.java:373)

at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java :457)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1131)

at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

at java.lang.Thread.run(Unknown Source)

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASL JavaXMechanism.java:120)

… 10 more

Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))

at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

… 12 more

Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication

at com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.access$000(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

at javax.security.auth.login.LoginContext.login(Unknown Source)

at sun.security.jgss.GSSUtil.login(Unknown Source)

at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

… 19 more

7

Did you make the change to your windows registry to allow java to ready the ticket?

Are you using DNS or krb5.ini file on the client?

Do you have a ptr record in dns?

Have you tried to recreate your keytab file?

is your krb5.ini (on the openfire server), correct?

There are a lot of moving parts with SSO…and its not so easy to set up if you haven’t done it before.

here is a quick how to I put together a while ago. you may give it a try.

How to Setup SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

8

I did as follows.

ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

C:\Windows\system32>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

Targeting domain controller: Europa.wodociagi.pl

Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

Type the password for XMPP/europa.wodociagi.pl:

Type the password again to confirm:

Password successfully set!

Key created.

Key created.

Key created.

Key created.

Key created.

C:>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /crypto all -pass * /ptype KRB5_NT_PRINCIPAL /out xmpp.keytab

Targeting domain controller: Europa.wodociagi.pl

Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

Type the password for XMPP/europa.wodociagi.pl:

Type the password again to confirm:

Password successfully set!

Key created.

Key created.

Key created.

Key created.

Key created.

Output keytab to xmpp.keytab:

Keytab version: 0x502

keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x1 (DES-CBC-CRC) keylength 8 (0x2a2fc4e0374a80b3)

keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x3 (DES-CBC-MD5) keylength 8 (0x2a2fc4e0374a80b3)

keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x17 (RC4-HMAC) keylength 16 (0x99855ef86fb67e661da2f3bba8b9cf49)

keysize 88 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x12 (AES256-SHA1) keylength 32 (0xda0520af7c616b46eeb3d2d0854aceb3e39

4d1c3d3a0f4cf42b7b57383676630)

keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x11 (AES128-SHA1) keylength 16 (0x31650ad6de5d8e5112f4badff3077efd)

file gss.conf

com.sun.security.jgss.krb5.accept {

com.sun.security.auth.module.Krb5LoginModule required

storeKey=true

keyTab=“C:/Program Files (x86)/openfire/resources/xmpp.keytab”

doNotPrompt=true

useKeyTab=true

isInitiator=false

debug=true

realm=“WODOCIAGI.PL”

principal="XMPP/europa.wodociagi.pl@WODOCIAGI.PL";

};

file krb5.ini on a client and server side

[libdefaults]

default_realm = WODOCIAGI.PL

[realms]

DOMAIN.LOCAL = {

kdc = europa.wodociagi.pl

admin_server = europa.wodociagi.pl

default_domain = wodociagi.pl

}

[domain_realms]

domain.local = WODOCIAGI.PL

.domain.local = WODOCIAGI.PL

773×29 3.14 KB

and I still have the same errors ;( Why is duplicated “Key created.” in ktpass utility output?

9

There appears to be an error in your krb5.ini

it should look like this

[libdefaults]

default_realm = WODOCIAGI.PL

[realms]

WODOCIAGI.PL = {

kdc = europa.wodociagi.pl

admin_server = europa.wodociagi.pl

default_domain = wodociagi.pl

}

[domain_realms]

wodociagi.pl = WODOCIAGI.PL

.wodociagi.pl = WODOCIAGI.PL

10

Unfortunately, this did not bring any effect:(

11

is europa.wodociagi.pl also your domain controller?

[realms]

WODOCIAGI.PL = {

kdc = europa.wodociagi.pl <----this should be your domain controller

admin_server = europa.wodociagi.pl <—his should be your domain controller

default_domain = wodociagi.pl

}

12

Yes it is.

13

is that also your xmpp chat server?

14

yes. Is that a problem?

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 7

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 4

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 2

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 4

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 2

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 7

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-6]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 8

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 5

2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 5

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 7

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 6

Queue : [EXCEPTION_CAUGHT, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 2

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 6

2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 8

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 WARN [socket_c2s-thread-7]: org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000006: nio socket, server, /10.10.1.30:56267 => 0.0.0.0/0.0.0.0:5222)

java.io.IOException: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta

at sun.nio.ch.SocketDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(Unknown Source)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

at sun.nio.ch.IOUtil.read(Unknown Source)

at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoP rocessor.java:690)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:664)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:653)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1124)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 2

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

2017.09.05 08:04:57 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_OPENED to session 9

Queue : [SESSION_OPENED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_OPENED event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_OPENED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, , MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter tls to the chain

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) Initializing the SSL Handler

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) SSL Handler Initialization done.

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9 : Starting the first handshake

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=50 cap=64: 3C 70 72 6F 63 65 65 64 20 78 6D 6C 6E 73 3D 22…]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=187 cap=1024: 16 03 03 00 B6 01 00 00 B2 03 03 59 AE 3E CD 54…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_TASK state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=1249 cap=2115: 16 03 03 04 DC 02 00 00 4D 03 03 59 AE 3F 3F 0D…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=75 cap=1024: 16 03 03 00 46 10 00 00 42 41 04 D6 C2 BA E7 C5…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_TASK state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=6 cap=512: 14 03 03 00 01 01]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=85 cap=512: 16 03 03 00 50 8B 3E 66 3D D4 C0 49 4F EF 21 40…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 03 00 01 01]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=85 cap=132: 16 03 03 00 50 4F 13 B6 12 51 E3 55 0E EB 34 E7…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the FINISHED state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 is now secured

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the FINISHED state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 is now secured

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=213 cap=256: 17 03 03 00 D0 48 65 26 2D 54 E0 A0 1C 13 9C 36…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=474 cap=512: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 27 31…]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 9

Queue : [EXCEPTION_CAUGHT, ]

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 9

2017.09.05 08:08:04 org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 9

Queue : [SESSION_CLOSED, ]

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 9

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 9

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 9

2017.09.05 08:09:23 org.logicalcobwebs.proxool.openfire - Closing statement 1f27cc8 (belonging to connection 2) automatically

15

that error log does no look like it has anything to do with sso.

I have not tried to install openfire on a DC before with sso, so I’m unsure if that would work or not.

16

I will move openfire to another server, we will see then.

17

I have moved openfire to another server and I get error “DNS name not found” but in DNS this host is added.

765×38 6.94 KB

wrz 11, 2017 9:26:09 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: ‘_xmpp-client._tcp.ananke.wodociagi.pl:5222’ failed because javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name ‘_xmpp-client._tcp.ananke.wodociagi.pl’, ‘ananke.wodociagi.pl:5222’ failed because java.net.ConnectException: Connection timed out: connect

at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.j ava:255)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPC onnection.java:612)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection. java:850)

at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.ja va:364)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1107)

at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

at java.lang.Thread.run(Unknown Source)

18

I would use the A Host entry.

19

I also have that A host entry.

811×29 3.03 KB

20

Ananke is your XMPP Domain name which users use to login to in clients?